httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From iga...@apache.org
Subject svn commit: r1334700 - in /httpd/site/trunk/content/security: vulnerabilities_24.mdtext vulnerabilities_24.xml
Date Sun, 06 May 2012 17:09:23 GMT
Author: igalic
Date: Sun May  6 17:09:22 2012
New Revision: 1334700

URL: http://svn.apache.org/viewvc?rev=1334700&view=rev
Log:
anakia2markdown.xslt security/vulnerabies_24.xml

Added:
    httpd/site/trunk/content/security/vulnerabilities_24.mdtext
      - copied, changed from r1334697, httpd/site/trunk/content/security/vulnerabilities_24.xml
Removed:
    httpd/site/trunk/content/security/vulnerabilities_24.xml

Copied: httpd/site/trunk/content/security/vulnerabilities_24.mdtext (from r1334697, httpd/site/trunk/content/security/vulnerabilities_24.xml)
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security/vulnerabilities_24.mdtext?p2=httpd/site/trunk/content/security/vulnerabilities_24.mdtext&p1=httpd/site/trunk/content/security/vulnerabilities_24.xml&r1=1334697&r2=1334700&rev=1334700&view=diff
==============================================================================
--- httpd/site/trunk/content/security/vulnerabilities_24.xml (original)
+++ httpd/site/trunk/content/security/vulnerabilities_24.mdtext Sun May  6 17:09:22 2012
@@ -1,55 +1,54 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<document>
-<properties>
-<author email="security@httpd.apache.org">Apache HTTP Server Security Team</author>
-<title>Apache httpd 2.4 vulnerabilities</title>
-</properties>
-<body>
-<section id="top">
-<title>Apache httpd 2.4 vulnerabilities</title>
-<p>This page lists all security vulnerabilities fixed in released
-versions of Apache httpd 2.4.  Each
-vulnerability is given a security <a href="/security/impact_levels.html">impact rating</a>
by the Apache
-security team - please note that this rating may well vary from
-platform to platform.  We also list the versions of Apache httpd the
-flaw is known to affect, and where a flaw has not been verified list
-the version with a question mark.  </p>
-<p> Please note that if a vulnerability is shown below as being fixed
-in a "-dev" release then this means that a fix has been applied to
-the development source tree and will be part of an upcoming full release.</p>
-<p> This page is created from a database of vulnerabilities originally
-populated by Apache Week.  Please send comments or corrections for
-these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>.  </p>
-<p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities
which have been resolved in Apache httpd 2.2.22 and all older releases.  Consult the <a
href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more
information.</em></p>
-</section>
-<section id="2.4.2">
-<title>
-Fixed in Apache httpd 2.4.2</title>
-<dl>
-<dd>
-<b>low: </b>
-<b>
-<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH handling</name>
-</b>
-<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883">CVE-2012-0883</a>
-<p>
-Insecure handling of LD_LIBRARY_PATH was found that could
-lead to the current working directory to be searched for DSOs.
-This could allow a local user to execute code as root if an
-administrator runs apachectl from an untrusted directory.
-</p>
-</dd>
-<dd>
-  Reported to security team: 14th February 2012<br/>
-  Issue public: 2nd March 2012<br/>
-  Update released: 17th April 2012<br/>
-</dd>
-<dd>
-      Affected: 
-    2.4.1<p/>
-</dd>
-</dl>
-</section>
-</body>
-</document>
+Title: Apache httpd 2.4 vulnerabilities
+Notice:    Licensed to the Apache Software Foundation (ASF) under one
+           or more contributor license agreements.  See the NOTICE file
+           distributed with this work for additional information
+           regarding copyright ownership.  The ASF licenses this file
+           to you under the Apache License, Version 2.0 (the
+           "License"); you may not use this file except in compliance
+           with the License.  You may obtain a copy of the License at
+           .
+             http://www.apache.org/licenses/LICENSE-2.0
+           .
+           Unless required by applicable law or agreed to in writing,
+           software distributed under the License is distributed on an
+           "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+           KIND, either express or implied.  See the License for the
+           specific language governing permissions and limitations
+           under the License.
+
+# Apache httpd 2.4 vulnerabilities # {#top}
+
+This page lists all security vulnerabilities fixed in released versions of
+Apache httpd 2.4. Each vulnerability is given a security [impact
+rating](/security/impact_levels.html) by the Apache security team - please
+note that this rating may well vary from platform to platform. We also list
+the versions of Apache httpd the flaw is known to affect, and where a flaw
+has not been verified list the version with a question mark.
+
+Please note that if a vulnerability is shown below as being fixed in a
+"-dev" release then this means that a fix has been applied to the
+development source tree and will be part of an upcoming full release.
+
+This page is created from a database of vulnerabilities originally
+populated by Apache Week. Please send comments or corrections for these
+vulnerabilities to the [Security Team](/security_report.html).
+
+*The initial GA release, Apache httpd 2.4.1, includes fixes for all
+vulnerabilities which have been resolved in Apache httpd 2.2.22 and all
+older releases. Consult the [Apache httpd 2.2 vulnerabilities
+list](vulnerabilities_22.html) for more information.* 
+
+# Fixed in Apache httpd 2.4.2 # {#2.4.2}
+
+:     **low:**	**<name name="CVE-2012-0883">insecure LD_LIBRARY_PATH
+      handling</name>** 
+      [CVE-2012-0883](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883) 
+Insecure handling of LD_LIBRARY_PATH was found that could lead to the
+current working directory to be searched for DSOs. This could allow a local
+user to execute code as root if an administrator runs apachectl from an
+untrusted directory.
+
+:    Reported to security team: 14th February 2012<br></br>Issue public:
+     2nd March 2012<br></br>Update released: 17th April 2012<br></br>
+:    Affected: 2.4.1
+



Mime
View raw message