Univention Bugzilla – Bug 47847
libapache2-mod-perl2: Multiple issues (4.2)
Last modified: 2018-09-26 13:41:46 CEST
New Debian libapache2-mod-perl2 2.0.9~1624218-2+deb8u3 fixes: This update addresses the following issue: * arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) * arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) * arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767) * arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/libapache2-mod-perl2_2.0.9~1624218-2+deb8u2.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.dsc @@ -1,3 +1,14 @@ +2.0.9~1624218-2+deb8u3 [Tue, 18 Sep 2018 19:59:36 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2011-2767: + Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to + execute arbitrary Perl code by placing it in a user-owned .htaccess file, + because (contrary to the documentation) there is no configuration option + that permits Perl code for the administrator's control of HTTP request + processing without also permitting unprivileged users to run Perl code in + the context of the user account that runs Apache HTTP Server processes. + 2.0.9~1624218-2+deb8u2 [Wed, 14 Jun 2017 14:39:56 +0300] Niko Tyni <ntyni@debian.org>: * Patch the test suite for apache2_2.4.10-10+deb8u8 compatibility. <http://10.200.17.11/4.2-5/#6689631644436615149>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 19907dfde4 Bug #47847: libapache2-mod-perl2 2.0.9~1624218-2+deb8u3 doc/errata/staging/libapache2-mod-perl2.yaml | 6 ------ 1 file changed, 6 deletions(-) [4.2-5] faaa27c79a Bug #47847: libapache2-mod-perl2 2.0.9~1624218-2+deb8u3 doc/errata/staging/libapache2-mod-perl2.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
<http://errata.software-univention.de/ucs/4.2/519.html>