[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 240-1] libapache-mod-jk security update



Package        : libapache-mod-jk
Version        : 1:1.2.30-1squeeze2
CVE ID         : CVE-2014-8111
Debian Bug     : 783233

An information disclosure flaw due to incorrect JkMount/JkUnmount
directives processing was found in the Apache 2 module mod_jk to forward
requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree
of a previous JkMount rule could be ignored. This could allow a remote attacker
to potentially access a private artifact in a tree that would otherwise not be
accessible to them.

For the squeeze distribution, this problem has been fixed in version
1:1.2.30-1squeeze2.

We recommend that you upgrade your libapache-mod-jk packages.

This update has been prepared by Markus Koschany.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: Digital signature


Reply to: