Univention Bugzilla – Bug 48785
libapache2-mod-perl2: Multiple issues (4.3)
Last modified: 2019-02-27 13:29:32 CET
New Debian libapache2-mod-perl2 2.0.10-2+deb9u1 fixes: This update addresses the following issue: * arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libapache2-mod-perl2_2.0.10-2.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libapache2-mod-perl2_2.0.10-2+deb9u1.dsc @@ -1,3 +1,8 @@ +2.0.10-2+deb9u1 [Tue, 01 Jan 2019 14:04:06 +0000] Dominic Hargreaves <dom@earth.li>: + + * [SECURITY] CVE-2011-2767: don't allow <Perl> sections in + user controlled configuration (Closes: #644169) + 2.0.10-2 [Sun, 25 Dec 2016 11:51:10 +0200] Niko Tyni <ntyni@debian.org>: * Patch the test suite for Apache 2.4.24 compatibility. <http://10.200.17.11/4.3-3/#3922512155359996235>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 91d3c061d1 Bug #48785: libapache2-mod-perl2 2.0.10-2+deb9u1 doc/errata/staging/libapache2-mod-perl2.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/438.html>