Mandriva Linux Security Advisory : apache (MDVSA-2013:174)
Medium Nessus Plugin ID 66899
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in apache :
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator (CVE-2013-1862).
A buffer overflow when reading digest password file with very long lines in htdigest was discovered (PR 54893).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.