Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: doc
Module Name: doc
Committed By: martti
Date: Thu Aug 29 14:13:10 UTC 2002
Modified Files:
doc: pkg-CHANGES
Log Message:
Updated apache to 2.0.40
* SECURITY: [CAN-2002-0661] Close a very significant security hole that
applies only to the Win32, OS2 and Netware platforms. Unix was not
affected, Cygwin may be affected. Certain URIs will bypass security
and allow users to invoke or access any file depending on the system
configuration. Without upgrading, a single .conf change will close
the vulnerability. Add the following directive in the global server
httpd.conf context before any other Alias or Redirect directives;
RedirectMatch 400 "\\\.\."
Reported by Auriemma Luigi <bugtest%sitoverde.com@localhost>.
[Brad Nicholes]
* SECURITY: Close a path-revealing exposure in multiview type
map negotiation (such as the default error documents) where the
module would report the full path of the typemapped .var file when
multiple documents or no documents could be served based on the mime
negotiation. Reported by Auriemma Luigi <bugtest%sitoverde.com@localhost>.
[CAN-2002-0654] [William Rowe]
* SECURITY: Close a path-revealing exposure in cgi/cgid when we
fail to invoke a script. The modules would report "couldn't create
child process /path-to-script/script.pl" revealing the full path
of the script. Reported by Jim Race <jrace%qualys.com@localhost>.
[CAN-2002-0654] [Bill Stoddard]
* More bug fixes (see the CHANGES file)
To generate a diff of this commit:
cvs rdiff -r1.7304 -r1.7305 doc/pkg-CHANGES
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index