remote denial of service

Please Install the Updated Packages.

Several bugs were fixed in the Apache2 web server. The update includes fixes for the following security issues: - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset &quot detection&quot . - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-4465: mod_autoindex: Add in ContentType and Charset options to IndexOptions directive. This allows the admin to explicitly set the Content-Type and Charset of the generated page. and the following non-security issues: - get_module_list: replace loadmodule.conf atomically - Fixed broken SSLVerifyClient directive handling when global none and location required is configured (httpd-2.0.x-bnc-309234-ssl-renegotiation.patch) - Use File::Temp to create good tmpdir in logresolve.pl2 (httpd-2.x.x-logresolve.patch)

apache2 on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9 SDK, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1

• http://www.novell.com/linux/security/advisories/2007_61_apache2.html

---

Updated on 2015-03-25