Posted to cvs@httpd.apache.org by ig...@apache.org on 2012/05/06 19:09:23 UTC
svn commit: r1334700 - in /httpd/site/trunk/content/security:
vulnerabilities_24.mdtext vulnerabilities_24.xml
Author: igalic
Date: Sun May 6 17:09:22 2012
New Revision: 1334700
URL: http://svn.apache.org/viewvc?rev=1334700&view=rev
Log:
anakia2markdown.xslt security/vulnerabies_24.xml
Added:
httpd/site/trunk/content/security/vulnerabilities_24.mdtext
- copied, changed from r1334697, httpd/site/trunk/content/security/vulnerabilities_24.xml
Removed:
httpd/site/trunk/content/security/vulnerabilities_24.xml
Copied: httpd/site/trunk/content/security/vulnerabilities_24.mdtext (from r1334697, httpd/site/trunk/content/security/vulnerabilities_24.xml)
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_24.mdtext?p2=httpd/site/trunk/content/security/vulnerabilities_24.mdtext&p1=httpd/site/trunk/content/security/vulnerabilities_24.xml&r1=1334697&r2=1334700&rev=1334700&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_24.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities_24.mdtext Sun May 6 17:09:22 2012
@@ -1,55 +1,54 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<document>
-<properties>
-<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
-<title>Apache httpd 2.4 vulnerabilities</title>
-</properties>
-<body>
-<section id="top">
-<title>Apache httpd 2.4 vulnerabilities</title>
-<p>This page lists all security vulnerabilities fixed in released
-versions of Apache httpd 2.4. Each
-vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a> by the Apache
-security team - please note that this rating may well vary from
-platform to platform. We also list the versions of Apache httpd the
-flaw is known to affect, and where a flaw has not been verified list
-the version with a question mark. </p>
-<p> Please note that if a vulnerability is shown below as being fixed
-in a "-dev" release then this means that a fix has been applied to
-the development source tree and will be part of an upcoming full release.</p>
-<p> This page is created from a database of vulnerabilities originally
-populated by Apache Week. Please send comments or corrections for
-these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p>
-<p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p>
-</section>
-<section id="2.4.2">
-<title>
-Fixed in Apache httpd 2.4.2</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
-<p>
-Insecure handling of LD_LIBRARY_PATH was found that could
-lead to the current working directory to be searched for DSOs.
-This could allow a local user to execute code as root if an
-administrator runs apachectl from an untrusted directory.
-</p>
-</dd>
-<dd>
- Reported to security team: 14th February 2012<br/>
- Issue public: 2nd March 2012<br/>
- Update released: 17th April 2012<br/>
-</dd>
-<dd>
- Affected:
- 2.4.1<p/>
-</dd>
-</dl>
-</section>
-</body>
-</document>
+Title: Apache httpd 2.4 vulnerabilities
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+# Apache httpd 2.4 vulnerabilities # {#top}
+
+This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.4. Each vulnerability is given a security [impact
+rating](/security/impact_levels.html) by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.
+
+Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.
+
+This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the [Security Team](/security_report.html).
+
+*The initial GA release, Apache httpd 2.4.1, includes fixes for all
+vulnerabilities which have been resolved in Apache httpd 2.2.22 and all
+older releases. Consult the [Apache httpd 2.2 vulnerabilities
+list](vulnerabilities_22.html) for more information.*
+
+# Fixed in Apache httpd 2.4.2 # {#2.4.2}
+
+: **low:** **<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH
+ handling</name>**
+ [CVE-2012-0883](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883)
+Insecure handling of LD_LIBRARY_PATH was found that could lead to the
+current working directory to be searched for DSOs. This could allow a local
+user to execute code as root if an administrator runs apachectl from an
+untrusted directory.
+
+: Reported to security team: 14th February 2012<br></br>Issue public:
+ 2nd March 2012<br></br>Update released: 17th April 2012<br></br>
+: Affected: 2.4.1
+
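Review bot: The converted CVE-2012-0883 entry still carries markup from the XML source. The `<name name="CVE-2012-0883">` element survives inside the bold text, and each `<br/>` has become `<br></br>`, which browsers parse as two line breaks because a stray `</br>` is treated as another `<br>`. Suggest having the stylesheet emit an anchor or plain text for `<name>`, and a single `<br/>` (or one definition line per date) for the reported/public/released dates. The description paragraph beginning "Insecure handling of LD_LIBRARY_PATH" is also not indented under the `: **low:**` line, unlike the continuation lines around it, so it may render outside the entry. Since the source `<dl>` had only `<dd>` elements, it is worth checking how the `: ` definition lines render without a preceding term line.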