enterprise-support team mailing list archive

[Launchpad Bug Tracker <897120@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package apache2 - 2.2.21-3ubuntu1

---------------
apache2 (2.2.21-3ubuntu1) precise; urgency=low

  * Merge from Debian testing.  Remaining changes:
    - debian/{control, rules}: Enable PIE hardening.
    - debian/{control, rules, apache2.2-common.ufw.profile}: Add ufw profiles.
    - debian/control: Add bzr tag and point it to our tree
    - debian/apache2.py, debian/apache2.2-common.install: Add apport hook.
    - debian/control, debian/ask-for-passphrase, debian/config-dir/mods-available/ssl.conf:
      Plymouth aware passphrase dialog program ask-for-passphrase.

apache2 (2.2.21-3) unstable; urgency=medium

  * Fix CVE-2011-4317: Prevent unintended pattern expansion in some
    reverse proxy configurations. (Similar to CVE-2011-3368, but different
    attack vector.)
  * Fix CVE-2011-3607: Integer overflow in ap_pregsub could cause segfault
    via malicious .htaccess.
  * Mention dpkg-statoverride for changing permissions of suexec. LP: #897120
  * Fix broken link in docs. Closes: #650528
  * Remove Tollef Fog Heen, Thom May, and Peter Samuelson from uploaders.
    Thanks for your work in the past.
 -- Chuck Short <zulcss@xxxxxxxxxx>   Fri, 09 Dec 2011 05:20:43 +0000

** Changed in: apache2 (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3368

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3607

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4317

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/897120

Title:
  apache2-suexec-custom changes permissions on suexec binary

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/897120/+subscriptions