MDVSA-2009:300-2
- Package name
- apache-conf
- Date
- 2010-01-07
- Advisory ID
- MDVSA-2009:300-2
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
A vulnerability was discovered and corrected in apache-conf:
The Apache HTTP Server enables the HTTP TRACE method per default
which allows remote attackers to conduct cross-site scripting (XSS)
attacks via unspecified web client software (CVE-2009-2823).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
Updated packages
2008.0 i586
e4add07b886a421101be638c495e36d3 2008.0/i586/apache-conf-2.2.6-1.1mdv2008.0.i586.rpm e5312c85bedded03f9f8f20a0385a377 2008.0/SRPMS/apache-conf-2.2.6-1.1mdv2008.0.src.rpm
2008.0 x86_64
1f0b1fc20f619ef688b180e354337456 2008.0/x86_64/apache-conf-2.2.6-1.1mdv2008.0.x86_64.rpm e5312c85bedded03f9f8f20a0385a377 2008.0/SRPMS/apache-conf-2.2.6-1.1mdv2008.0.src.rpm