author | Clement Laforet <clement@FreeBSD.org> | 2006-07-27 20:26:29 +0000 |
---|---|---|
committer | Clement Laforet <clement@FreeBSD.org> | 2006-07-27 20:26:29 +0000 |
commit | b5c6eb5f0ed2273002d95322af6cc48cc1416c73 (patch) | |
tree | 7da373e7ee6d8ff12425e8840e7b2805efd9f12d /www/apache13-ssl | |
parent | 1438e33cae8ca35649bdbf52409a5844e0d74cf1 (diff) | |
- Fix security issue in mod_rewrite.
All people using mod_rewrite are strongly encouraged to update.
An off-by-one flaw exists in the Rewrite module, mod_rewrite.
Depending on the manner in which Apache httpd was compiled, this
software defect may result in a vulnerability which, in combination
with certain types of Rewrite rules in the web server configuration
files, could be triggered remotely. For vulnerable builds, the nature
of the vulnerability can be denial of service (crashing of web server
processes) or potentially allow arbitrary code execution.
This issue has been rated as having important security impact
by the Apache HTTP Server Security Team.
Updates to latest versions will follow soon.
Notified by: so@ (simon)
Obtained from: Apache Security Team
Security: CVE-2006-3747
Notes:
svn path=/head/; revision=168904
Diffstat (limited to 'www/apache13-ssl')
-rw-r--r-- | www/apache13-ssl/Makefile | 2 | ||||
-rw-r--r-- | www/apache13-ssl/files/patch-secfix-CVE-2006-3747 | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/www/apache13-ssl/Makefile b/www/apache13-ssl/Makefile index 868712ed3e45..ecb957853d1d 100644 --- a/www/apache13-ssl/Makefile +++ b/www/apache13-ssl/Makefile @@ -9,7 +9,7 @@ PORTNAME= apache+ssl PORTVERSION= ${APACHE_VERSION}.${APACHE_SSL_VERSION} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www security MASTER_SITES= ${MASTER_SITE_APACHE_HTTPD} \ ${MASTER_SITES_APACHE_SSL:S/$/:ssl/} diff --git a/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 b/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 new file mode 100644 index 000000000000..fc06bed772bb --- /dev/null +++ b/www/apache13-ssl/files/patch-secfix-CVE-2006-3747 @@ -0,0 +1,13 @@ +Index: src/modules/standard/mod_rewrite.c +=================================================================== +--- src/modules/standard/mod_rewrite.c (revision 421288) ++++ src/modules/standard/mod_rewrite.c (working copy) +@@ -2736,7 +2736,7 @@ + int c = 0; + + token[0] = cp = ap_pstrdup(p, cp); +- while (*cp && c < 5) { ++ while (*cp && c < 4) { + if (*cp == '?') { + token[++c] = cp + 1; + *cp = '\0'; |
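Review bot: in the mod_rewrite.c hunk carried by patch-secfix-CVE-2006-3747, the new loop bound `c < 4` is a bare literal whose correctness depends on the size of `token`, and that declaration is outside the visible context. Because the body stores with a pre-increment (`token[++c] = cp + 1;`), the old condition `c < 5` allowed a write to `token[5]`, while the new one stops at `token[4]`. Consider a comment beside the condition stating the highest index that may be written, or expressing the bound in terms of the array's element count, so the limit and the declaration cannot drift apart again.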