OpenBSD Journal

Security fix for Apache

Contributed by grey on from the a patchy ape ecchi apt itchy dept.

Thanks to Brad Smith for letting us know that there is a new patch available for Apache. You can find the patch here for 3.4 and here for 3.5. The description for this patch is as follows:

httpd(8) 's mod_rewrite module can be made to write one zero byte in an arbitrary memory position outside of a char array, causing a DoS or possibly buffer overflows. This would require enabling dbm for mod_rewrite and making use of a malicious dbm file.

As always, you can also check for this information.

(Comments are closed)


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]