oss-sec mailing list archives

Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values

From: Yann Ylavic <ylavic.dev () gmail com>
Date: Tue, 27 Mar 2018 10:58:50 +0200

Hi Dago,

On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote:


Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri:


Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time
should apply CVE-2017-15710.patch, which is available at

  https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/


This link does not exist, there is only
  https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/


Thanks for noticing and letting us know.

The 2.2 version of httpd has ended its long life and went to the attic
(almost simultaneously with this announcement):
  https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/

Regards,
Yann.

Current thread:

CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Daniel Ruggeri (Mar 24)
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Marius Bakke (Mar 25)
  - Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 25)
    - Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 26)
- <Possible follow-ups>
- Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values Yann Ylavic (Mar 27)