This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491)
There are no workarounds known.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.1 | x86_64 | apache2-prefork | < 2.0.49-27.34 | apache2-prefork-2.0.49-27.34.x86_64.rpm |
openSUSE | 9.2 | i586 | apache2-worker | < 2.0.50-7.7 | apache2-worker-2.0.50-7.7.i586.rpm |
openSUSE | 9.2 | i586 | apache2-devel | < 2.0.50-7.7 | apache2-devel-2.0.50-7.7.i586.rpm |
openSUSE | 9.2 | x86_64 | apache2-prefork | < 2.0.50-7.7 | apache2-prefork-2.0.50-7.7.x86_64.rpm |
openSUSE | 9.0 | i586 | apache2-metuxmpm | < 2.0.48-155 | apache2-metuxmpm-2.0.48-155.i586.rpm |
openSUSE | 9.0 | x86_64 | apache2-prefork | < 2.0.48-155 | apache2-prefork-2.0.48-155.x86_64.rpm |
openSUSE | 9.0 | i586 | apache2 | < 2.0.48-155 | apache2-2.0.48-155.i586.rpm |
openSUSE | 9.3 | i586 | apache2-devel | < 2.0.53-9.5 | apache2-devel-2.0.53-9.5.i586.rpm |
openSUSE | 9.0 | x86_64 | apache2 | < 2.0.48-155 | apache2-2.0.48-155.x86_64.rpm |
openSUSE | 9.2 | x86_64 | apache2-devel | < 2.0.50-7.7 | apache2-devel-2.0.50-7.7.x86_64.rpm |