Fedora has issued an advisory today (September 7):
More details in the Red Hat bug:
Mageia 5 and Mageia 6 are also affected.
Assigning to the registered maintainer.
apache-mod_perl-2.0.10-5.mga7 submitted for cauldron
apache-mod_perl-2.0.10-1.1.mga6 submitted for mga6
It didn't build.
apache-mod_perl-2.0.10-6.mga7 and apache-mod_perl-2.0.10-1.1.mga6 have been uploaded
Updated apache-mod_perl packages fix security vulnerability:
A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers to
execute arbitrary Perl code by placing it in a user-owned .htaccess file,
because (contrary to the documentation) there is no configuration option that
permits Perl code for the administrator's control of HTTP request processing
without also permitting unprivileged users to run Perl code in the context of
the user account that runs Apache HTTP Server processes (CVE-2011-2767).
Updated packages in core/updates_testing:
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
# urpmq --whatrequires apache-mod_perl
but nothing came out that I could put my teeth in.
Is clean install OK???
Also use httpd -M to make sure it loaded the module OK and that Apache runs with it without crashing.
httpd -M shows amongst others:
Sufficient for OK'ing????
If that's all you can do. Would be nice to test that it doesn't crash if possible.
I used apache in bug 23826 with this update, and another one which is gone from the update list now.