15196 – apache new security issue CVE-2014-3583

Bug 15196 - apache new security issue CVE-2014-3583

Summary: apache new security issue CVE-2014-3583

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/635281/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-02-03 19:37 CET by David Walser
Modified:	2015-03-02 22:36 CET (History)
CC List:	0 users

See Also:
Source RPM:	apache-2.4.10-11.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-02-03 19:37:13 CET

Apache 2.4.12 has been announced on January 29:
http://www.apache.org/dist/httpd/Announcement2.4.html

It fixes four security issues, three of which we have already previously fixed.

CVE-2014-3583 is the new one:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

According to the RedHat bug, only 2.4.10 is affected:
https://bugzilla.redhat.com/show_bug.cgi?id=1163555

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2015-02-04 16:15:43 CET

Fixed in apache-2.4.10-12.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-03-02 22:36:50 CET

URL: (none) => http://lwn.net/Vulnerabilities/635281/

Note You need to log in before you can comment on or make changes to this bug.