Paketname
apache-conf
Datum
2010-01-07
Advisory ID
MDVSA-2009:300-2
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

A vulnerability was discovered and corrected in apache-conf:

The Apache HTTP Server enables the HTTP TRACE method per default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Aktualisierte Pakete

2008.0 i586

 e4add07b886a421101be638c495e36d3  2008.0/i586/apache-conf-2.2.6-1.1mdv2008.0.i586.rpm 
 e5312c85bedded03f9f8f20a0385a377  2008.0/SRPMS/apache-conf-2.2.6-1.1mdv2008.0.src.rpm

2008.0 x86_64

 1f0b1fc20f619ef688b180e354337456  2008.0/x86_64/apache-conf-2.2.6-1.1mdv2008.0.x86_64.rpm 
 e5312c85bedded03f9f8f20a0385a377  2008.0/SRPMS/apache-conf-2.2.6-1.1mdv2008.0.src.rpm

Referenzen