DOCUMENTATION

Views

Search

Toolbox

Advisories:rPSA-2008-0236

From rPath Wiki

Jump to: navigation, search

rPath Security Advisory 2008-0236-1

Published: 2008-07-28

Products

rPath Appliance Platform Linux Service 2
rPath Linux 2

Rating

Major

Exposure Level Classification

Remote System User Deterministic Privilege Escalation

Updated Versions

httpd=conary.rpath.com@rpl:2/2.2.9-1-0.1
mod_ssl=conary.rpath.com@rpl:2/2.2.9-1-0.1

rPath Issue Tracking System

RPL-2624

References

Description

Previous versions of the httpd package contain multiple vulnerabilities:

mod_proxy_balancer is vulnerable to a cross-site request forgery (CSRF)

attack in which a trusted user may be able to gain privileges, and

mod_proxy_http is vulnerable to a Denial of Service attack.

In its default configuration, rPath Linux 2 and rPath Appliance Platform

Linux Service 2 are not vulnerable to these attacks.

Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html

Retrieved from "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0236"

Categories: Support Issue | Advisories