
5772 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m. | 35 views

Scientific Linux Security Update : httpd on SL3.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate. CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable...

CVSS: 10 | AI score: 8 | EPSS: 0.17111
Exploits: 5 | References: 4
Tenable Nessus
added 2012/08/01 12:0 a.m. | 33 views

Scientific Linux Security Update : httpd on SL3.x i386/x86_64

An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.53268
Exploits: 5 | References: 4
Tenable Nessus
added 2012/08/01 12:0 a.m. | 43 views

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 released in a previous update did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker b...

CVSS: 4.6 | AI score: 8.1 | EPSS: 0.82756
Exploits: 13 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 76 views

Scientific Linux Security Update : php on SL6.x i386/x86_64

A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.15103
Exploits: 9 | References: 5
Tenable Nessus
added 2012/08/01 12:0 a.m. | 20 views

Scientific Linux Security Update : mod_auth_mysql on SL6.x i386/x86_64

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash '\' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.01863
Exploits: 1 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 29 views

Scientific Linux Security Update : apr-util on SL4.x, SL5.x i386/x86_64

It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high...

CVSS: 5 | AI score: 6.2 | EPSS: 0.20167
Exploits: 0 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 36 views

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was...

CVSS: 5 | AI score: 7 | EPSS: 0.38953
Exploits: 5 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 33 views

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.75891
Exploits: 5 | References: 8
Tenable Nessus
added 2012/08/01 12:0 a.m. | 21 views

Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64

A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyte character set that allowed a backslash '\' as part of the character encodings, a remote attacker could inject arbitrary SQL commands into a login request...

CVSS: 7.5 | AI score: 5.6 | EPSS: 0.01863
Exploits: 1 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 47 views

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. (CVE-2009-1890) A denial of service flaw was found in the Apache mod_deflate module. This module...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.17111
Exploits: 4 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 29 views

Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64

It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching such as an httpd server using th...

CVSS: 4.3 | AI score: 7.6 | EPSS: 0.30406
Exploits: 5 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 21 views

Scientific Linux Security Update : subversion on SL5.x i386/x86_64

A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. (CVE-2011-0715) This update also fixes the...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.06309
Exploits: 0 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 35 views

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

CVE-2010-0434 httpd: request header information leak. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing Module) could possibly leak information from other...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.18443
Exploits: 2 | References: 5
Tenable Nessus
added 2012/08/01 12:0 a.m. | 63 views

Scientific Linux Security Update : php on SL5.x, SL6.x i386/x86_64 (20120507)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially crafted request to a PHP script that would result in the que...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.99998
Exploits: 41 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 33 views

Scientific Linux Security Update : apr and apr-util on SL4.x, SL5.x i386/x86_64

CVE-2009-2412 apr, apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An...

CVSS: 10 | AI score: 8.1 | EPSS: 0.13781
Exploits: 2 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 31 views

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) A flaw...

CVSS: 5 | AI score: 6.8 | EPSS: 0.05288
Exploits: 6 | References: 3
Tenable Nessus
added 2012/08/01 12:0 a.m. | 63 views

Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character one with the...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.22724
Exploits: 24 | References: 10
Tenable Nessus
added 2012/08/01 12:0 a.m. | 48 views

Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via previous php packages introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.83911
Exploits: 16 | References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m. | 43 views

Scientific Linux Security Update : php on SL4.x i386/x86_64 (20120130)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash...

CVSS: 6.4 | AI score: 8.1 | EPSS: 0.83911
Exploits: 21 | References: 6
Tenable Nessus
added 2012/08/01 12:0 a.m. | 29 views

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via a previous update for php53 introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause th...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.83911
Exploits: 16 | References: 2