Bug 18871

Summary: apache new security issue CVE-2016-4979
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: tmb
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/694240/
Whiteboard:
Source RPM: apache-2.4.20-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-07-05 20:15:44 CEST 
A security issue in Apache HTTPD has been announced today (July 5):
http://openwall.com/lists/oss-security/2016/07/05/5

This sounds like a serious issue for organizations that are using client certificates to access (usually internal) websites.

The issue has been fixed upstream in 2.4.23, and r1750779 in their SVN.

Mageia 5 is not affected.
Comment 1 Thomas Backlund 2016-07-06 03:40:18 CEST 
I pushed 2.4.23 to cauldron along with fixes for systemd 230 detection

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Assignee: bugsquad => tmb

David Walser 2016-07-12 19:05:40 CEST

URL: (none) => http://lwn.net/Vulnerabilities/694240/