oss-sec mailing list archives
Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
From: Yann Ylavic <ylavic.dev () gmail com>
Date: Tue, 27 Mar 2018 10:58:50 +0200
Hi Dago, On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote:
Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri:Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time should apply CVE-2017-15710.patch, which is available at https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/This link does not exist, there is only https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/
Thanks for noticing and letting us know. The 2.2 version of httpd has ended its long life and went to the attic (almost simultaneously with this announcement): https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/ Regards, Yann.
Current thread:
- CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Daniel Ruggeri (Mar 24)
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Marius Bakke (Mar 25)
- <Possible follow-ups>
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 27)