Security update for Apache

SUSE Security Update: Security update for Apache
Announcement ID: SUSE-SU-2013:0648-2
Rating: moderate
References: #806458 #807152
Affected Products:
  • SUSE Linux Enterprise Server 10 SP3 LTSS

  • An update that fixes two vulnerabilities is now available.

    Description:


    Apache2 has been updated to fix multiple security issues:

    This update fixes the following issues:

    *

    CVE-2012-4558: Multiple cross-site scripting (XSS)
    vulnerabilities in the balancer_handler function in the
    manager interface in mod_proxy_balancer.c in the
    mod_proxy_balancer module in the Apache HTTP Server
    potentially allowed remote attackers to inject arbitrary
    web script or HTML via a crafted string.

    *

    CVE-2012-3499: Multiple cross-site scripting (XSS)
    vulnerabilities in the Apache HTTP Server allowed remote
    attackers to inject arbitrary web script or HTML via
    vectors involving hostnames and URIs in the (1)
    mod_imagemap, (2) mod_info, (3) mod_ldap, (4)
    mod_proxy_ftp, and (5) mod_status modules.

    Security Issue references:

    * CVE-2012-3499
    >
    * CVE-2012-4558
    >

    Package List:

    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    • apache2-2.2.3-16.32.47.1
    • apache2-devel-2.2.3-16.32.47.1
    • apache2-doc-2.2.3-16.32.47.1
    • apache2-example-pages-2.2.3-16.32.47.1
    • apache2-prefork-2.2.3-16.32.47.1
    • apache2-worker-2.2.3-16.32.47.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-3499.html
    • http://support.novell.com/security/cve/CVE-2012-4558.html
    • https://bugzilla.novell.com/806458
    • https://bugzilla.novell.com/807152
    • http://download.suse.com/patch/finder/?keywords=db2ce8dd6eaaf22f8adf423716a58826