Posted to cvs@httpd.apache.org by sf...@apache.org on 2012/03/02 21:06:34 UTC
svn commit: r1296428 - in /httpd/httpd/trunk: CHANGES support/envvars-std.in
Author: sf
Date: Fri Mar 2 20:06:34 2012
New Revision: 1296428
URL: http://svn.apache.org/viewvc?rev=1296428&view=rev
Log:
Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory being searched for DSOs
CVE-2012-0883
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/envvars-std.in
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1296428&r1=1296427&r2=1296428&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Mar 2 20:06:34 2012
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) SECURITY: CVE-2012-0883 (cve.mitre.org)
+ envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+ current working directory to be searched for DSOs. [Stefan Fritsch]
+
*) Fix MPM DSO load failure on AIX. [Jeff Trawick]
*) core: Add the port number to the vhost's name in the scoreboard.
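Review bot: The new CHANGES entry does not say under which condition the problem occurs. Judging from the envvars-std.in change in this same commit, the old assignment only produced a trailing empty path element when the variable was unset or empty on entry, so the entry could say so (for example "when LD_LIBRARY_PATH is unset or empty"), which lets administrators tell whether their startup environment was affected. As a wording point, "could lead to the current working directory to be searched" reads better as "being searched".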
Modified: httpd/httpd/trunk/support/envvars-std.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/envvars-std.in?rev=1296428&r1=1296427&r2=1296428&view=diff
==============================================================================
--- httpd/httpd/trunk/support/envvars-std.in (original)
+++ httpd/httpd/trunk/support/envvars-std.in Fri Mar 2 20:06:34 2012
@@ -18,7 +18,11 @@
#
# This file is generated from envvars-std.in
#
-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+if test "x$@SHLIBPATH_VAR@" != "x" ; then
+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+else
+ @SHLIBPATH_VAR@="@exp_libdir@"
+fi
export @SHLIBPATH_VAR@
#
@OS_SPECIFIC_VARS@
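Review bot: In the non-empty branch the inherited value is still appended verbatim (`@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"`), so a value that already carries an empty element (a leading or trailing colon, or `::`) still ends up in the exported path; the new test only covers the unset or empty case. If that is intentional because the caller's environment is treated as trusted, a short comment above the `if` saying that the trailing colon must be avoided, and why, would keep a later cleanup from collapsing the block back into the one-line form.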