Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3278-1] libapache-mod-jk security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3278-1] libapache-mod-jk security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Markus Koschany <apo AT gambaru.de>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3278-1] libapache-mod-jk security update
  • Date: Wed, 03 Jun 2015 19:14:32 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 3 Jun 2015 19:14:50 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <Aqb4x1ejWlF.A.ltC.qI1bVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3278-1 security AT debian.org
http://www.debian.org/security/ Markus Koschany
June 03, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libapache-mod-jk
CVE ID : CVE-2014-8111
Debian Bug : 783233

An information disclosure flaw due to incorrect JkMount/JkUnmount
directives processing was found in the Apache 2 module mod_jk to forward
requests from the Apache web server to Tomcat. A JkUnmount rule for a
subtree of a previous JkMount rule could be ignored. This could allow a
remote attacker to potentially access a private artifact in a tree that
would otherwise not be accessible to them.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:1.2.37-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1:1.2.37-4+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1:1.2.40+svn150520-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.2.40+svn150520-1.

We recommend that you upgrade your libapache-mod-jk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVb0AhAAoJEAVMuPMTQ89Ef+gP/1e6ZRHna5rrHYiaclwnWg8Y
YHIjWwqfsnldjqfTirrBtf9TlLZrqIUHhaeaA0PEbzvzqVfh5QToOvvMeFHqXLS2
4eSmUtc3hb5BQlSvPsuP5RzeDYPy0S2zRaJlQ6dKSXmxb3Zh1drjxUg9kzpEGU9v
ykwDIRO7w+YpfcNqoxldgL0JOngMa9Qhl/wSwLV559wrESiSp2QifN/JZz2YRvsp
XeZvCHV5dHYJLfCOn3bQ6QRf0votEFObrW2T14noo/Srxv1n+4sstql7bCDbKW8c
O3SrlEk7HX5N4qPlG8Jo288NH1gqxXbuJ9SqF1MlIJsYE2UWT2nydfHVM1vMH23+
Spfd51SfmrK2GSOg2tna29BDGInDZ0Tud+GqsTKMMICgtg7SCK4FIrZYhhFFompG
li9h7DE96Cbv6J5a8JSIYg/kyzFOO8VcYakOUOJ2Oyo8Tv2a6GJLF9azjsThE7bv
LBUWbk2cOsd98BYtsUwFKJhqQLBvRCYnw85/WbC8EDmkbyrxIKf0uaF1e6vc9qV9
4OKmIgbNageXDzrfnc9PrwZ05xPiPhFJUk3Bu3XzosMzqU7XBPhtjkvPGJGcMv9g
cCepn+vtFQFBR612a4Gm16XN068zbnBR8VHx3PRNIVkPyhoxR55RdFtwPL7FCHX0
XVZyRUFDwW4cMiJnJ49U
=M39D
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1Z0E7U-0004Bc-Jv AT master.debian.org">https://lists.debian.org/E1Z0E7U-0004Bc-Jv AT master.debian.org



  • [IT-SecNots] [SECURITY] [DSA 3278-1] libapache-mod-jk security update, Markus Koschany, 03.06.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang