Mandriva Linux Security Advisory : apache (MDVSA-2012:154-1)
Medium Nessus Plugin ID 62386
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in apache (ASF HTTPD) :
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory (CVE-2012-0883).
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled (CVE-2012-2687).
The updated packages have been upgraded to the latest 2.2.23 version which is not vulnerable to these issues.
Packages for Mandriva Linux 2011 is also being provided.
SolutionUpdate the affected packages.