Scientific Linux Security Update : subversion on SL5.x i386/x86_64

A NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. CVE-2011-0715 This update also fixes the...

Scientific Linux Security Update : php on SL3.x, SL4.x, SL5.x i386/x86_64

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. CVE-2008-5557 A flaw was found in the handling...

Scientific Linux Security Update : php on SL4.x, SL5.x, SL6.x i386/x86_64 (20120202)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 released via previous php packages introduced an uninitialized memory use flaw. A remote attacker could send a specially crafted HTTP request to cause the PHP...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. CVE-2008-1678 A flaw...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

CVE-2010-0408 httpd: modproxyajp remote temporary DoS CVE-2010-0434 httpd: request header information leak It was discovered that modproxyajp incorrectly returned an 'Internal Server Error' response when processing certain malformed requests, which caused the back-end server to be marked as faile...

Scientific Linux Security Update : httpd on SL3.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS CPU consumption in moddeflate CVE-2009-2412 apr, apr-util: Integer overflows in memory pool apr and relocatable memory apr-util management Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A denial of service flaw was found in the Apache modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. CVE-2009-1890 A denial of service flaw was found in the Apache moddeflate module. This module...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-1891 httpd: possible temporary DoS CPU consumption in moddeflate CVE-2009-3094 httpd: NULL pointer defer in modproxyftp caused by crafted EPSV and PASV reply CVE-2009-3095 httpd: modproxyftp FTP command injection via Authorization HTTP header CVE-2009-3555 TLS: MITM attacks via session...

Scientific Linux Security Update : apr on SL6.x i386/x86_64

The Apache Portable Runtime APR is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the aprfnmatch function when the APRFNMPATHNAME matching flag was...

Scientific Linux Security Update : apr-util on SL4.x, SL5.x i386/x86_64

An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments. An attacker could provide a specially crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar...

Scientific Linux Security Update : subversion on SL6.x i386/x86_64

An access restriction bypass flaw was found in the moddavsvn module. If the SVNPathAuthz directive was set to 'shortcircuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default...

Scientific Linux Security Update : php on SL4.x, SL5.x i386/x86_64

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. CVE-2010-3065 An information leak flaw was discovered in t...

Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Scientific Linux Security Update : subversion on SL5.x, SL6.x i386/x86_64

Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The moddavsvn module is used with the Apache HTTP Server to allow access to Subversion...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the modproxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364 A flaw was found in the modproxyftp Apache module. If Apache was...

CentOS Update for httpd CESA-2012:0128 centos6

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2012:0128 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for httpd CESA-2011:1245 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1245 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CentOS Update for httpd CESA-2011:1392 centos5 x86_64

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2011:1392 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...