Full Disclosure mailing list archives
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update
From: white () debian org (Steffen Joeris)
Date: Tue, 19 Jul 2011 10:49:15 +1000 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2279-1 security () debian org http://www.debian.org/security/ Steffen Joeris July 19, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libapache2-mod-authnz-external Vulnerability : SQL injection Problem type : remote Debian-specific: no CVE ID : CVE-2011-2688 Debian Bug : 633637 It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user paramter. For the stable distribution (squeeze), this problem has been fixed in version 3.2.4-2+squeeze1. The oldstable distribution (lenny) does not contain libapache2-mod-authnz-external For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 3.2.4-2.1. We recommend that you upgrade your libapache2-mod-authnz-external packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce () lists debian org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk4k068ACgkQ62zWxYk/rQdEcACgl9otukAtTDPLIWRr8b7JlbCn gKYAniArSm7L6ND92ROY1fVsDgiKXD7R =07Sp -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update Steffen Joeris (Jul 19)