
[SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update




Package        : libapache2-mod-perl2
Version        : 2.0.9~1624218-2+deb8u3
CVE ID         : CVE-2011-2767
Debian Bug     : 644169

Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to
execute arbitrary Perl code by placing it in a user-owned .htaccess
file, because (contrary to the documentation) there is no configuration
option that permits Perl code for the administrator's control of HTTP
request processing without also permitting unprivileged users to run
Perl code in the context of the user account that runs Apache HTTP
Server processes.

For Debian 8 "Jessie", this problem has been fixed in version
2.0.9~1624218-2+deb8u3.

We recommend that you upgrade your libapache2-mod-perl2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

