oss-sec mailing list archives
Re: CVE request: MPM-ITK module for Apache HTTPD
From: "Steinar H. Gunderson" <sgunderson () bigfoot com>
Date: Mon, 21 Mar 2011 22:49:27 +0100
On Mon, Mar 21, 2011 at 04:24:38PM -0400, Josh Bressers wrote:
In certain configurations, the MPM-ITK module for Apache HTTPD serves a request as root user instead of the run user configured in the HTTPD configuration: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857Please use CVE-2011-1176
Thanks. Here are the relevant announcements (with patches): http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html /* Steinar */ -- Homepage: http://www.sesse.net/
Current thread:
- CVE request: MPM-ITK module for Apache HTTPD Stefan Fritsch (Mar 20)
- Re: CVE request: MPM-ITK module for Apache HTTPD Josh Bressers (Mar 21)
- Re: CVE request: MPM-ITK module for Apache HTTPD Steinar H. Gunderson (Mar 21)
- Re: CVE request: MPM-ITK module for Apache HTTPD Josh Bressers (Mar 21)