Sicherheit: Ausführen beliebiger Kommandos in mod_perl
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in mod_perl
ID: FEDORA-2018-f6a5b71464
Distribution: Fedora
Plattformen: Fedora 29
Datum: Fr, 21. September 2018, 08:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767
Applikationen: mod_perl


Fedora Update Notification
2018-09-21 05:19:39.103387

Name : mod_perl
Product : Fedora 29
Version : 2.0.10
Release : 13.fc29
URL : http://perl.apache.org/
Summary : An embedded Perl interpreter for the Apache HTTP Server
Description :
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.
Mod_perl links the Perl run-time library into the Apache web server and
provides an object-oriented Perl interface for Apache's C language
API. The end result is a quicker CGI script turnaround process, since
no external Perl interpreter has to be started.

Install mod_perl if you're installing the Apache web server and you'd
like for it to directly incorporate a Perl interpreter.

Update Information:

This release fixes CVE-2011-2767 vulnerability (an arbitrary Perl code
in the context of the httpd server) by disabling <Perl> sections in
level configuration.

[ 1 ] Bug #1623265 - CVE-2011-2767 mod_perl: arbitrary Perl code execution in
the context of the user account via a user-owned .htaccess

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-f6a5b71464' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Twitter
Neue Nachrichten