| Description: | Summary:
The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2013-218-02 advisory.
Vulnerability Insight:
New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.6-i486-1_slack14.0.txz: Upgraded.
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'httpd' package(s) on Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
