Mandriva Linux Security Advisory : apache (MDVSA-2013:015-1)
Medium Nessus Plugin ID 64902
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in apache (ASF HTTPD) :
Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp (CVE-2012-3499).
XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager interface (CVE-2012-4558).
Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on.
The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.
SolutionUpdate the affected packages.