Posted to cvs@httpd.apache.org by mj...@apache.org on 2012/04/18 16:25:07 UTC
svn commit: r1327523 - in /httpd/site/trunk:
docs/security/vulnerabilities_24.html
xdocs/security/vulnerabilities-httpd.xml
Author: mjc
Date: Wed Apr 18 14:25:06 2012
New Revision: 1327523
URL: http://svn.apache.org/viewvc?rev=1327523&view=rev
Log:
Add CVE-2012-0883
Modified:
httpd/site/trunk/docs/security/vulnerabilities_24.html
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/docs/security/vulnerabilities_24.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security/vulnerabilities_24.html?rev=1327523&r1=1327522&r2=1327523&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_24.html [utf-8] (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_24.html [utf-8] Wed Apr 18 14:25:06 2012
@@ -90,6 +90,44 @@ Team</a>. </p>
</blockquote>
</td></tr>
</table>
+ <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr>
+ <td bgcolor="#525D76">
+ <font color="#ffffff" face="arial,helvetica,sanserif">
+ <a name="2.4.2"><strong>
+Fixed in Apache httpd 2.4.2</strong></a>
+ </font>
+ </td>
+ </tr>
+ <tr><td>
+ <blockquote>
+<dl>
+<dd>
+<b>low: </b>
+<b>
+<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
+<p>
+Insecure handling of LD_LIBRARY_PATH was found that could
+lead to the current working directory to be searched for DSOs.
+This could allow a local user to execute code as root if an
+administrator runs apachectl from an untrusted directory.
+</p>
+</dd>
+<dd>
+ Reported to security team: 14th February 2012<br />
+ Issue public: 2nd March 2012<br />
+ Update released: 17th April 2012<br />
+</dd>
+<dd>
+ Affected:
+ 2.4.1<p />
+</dd>
+</dl>
+ </blockquote>
+ </td></tr>
+</table>
</td>
</tr>
<!-- FOOTER -->
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=1327523&r1=1327522&r2=1327523&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml [utf-8] Wed Apr 18 14:25:06 2012
@@ -1,4 +1,18 @@
-<security updated="20120126">
+<security updated="20120418">
+
+<issue fixed="2.4.2" reported="20120214" public="20120302" released="20120417">
+<cve name="CVE-2012-0883"/>
+<severity level="4">low</severity>
+<title>insecure LD_LIBRARY_PATH handling</title>
+<description><p>
+Insecure handling of LD_LIBRARY_PATH was found that could
+lead to the current working directory to be searched for DSOs.
+This could allow a local user to execute code as root if an
+administrator runs apachectl from an untrusted directory.
+</p>
+</description>
+<affects prod="httpd" version="2.4.1"/>
+</issue>
<issue fixed="2.2.22" reported="20111004" public="20111102" released="20120131">
<cve name="CVE-2011-3607"/>
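Review bot: The `<description>` text states the effect but not the trigger, so an administrator reading the advisory cannot tell whether an install is exposed or what to check before upgrading. If the cause is an empty element in the LD_LIBRARY_PATH value that the startup environment sets (the dynamic linker treats an empty element as the current directory), saying so would let readers audit their own copies; that cause is inferred and not shown in this hunk. The first sentence also reads awkwardly, and I would word it as `Insecure handling of LD_LIBRARY_PATH was found that could cause the current working directory to be searched for DSOs.` The `<affects>` list names only 2.4.1, so it is worth confirming whether other maintained branches carry the same handling. The same paragraph is repeated in the generated vulnerabilities_24.html hunk, and the older `<issue>` element that follows continues outside this hunk.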