[oe-commits] Kang Kai : apache: add fix for CVE-2014-0117 Security Advisory
git at git.openembedded.org
git at git.openembedded.org
Thu Oct 30 08:04:20 UTC 2014
Module: meta-openembedded.git
Branch: master-next
Commit: ea717f70e1dc229304618e1efd9e2aaa9e839c68
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=ea717f70e1dc229304618e1efd9e2aaa9e839c68
Author: Kang Kai <kai.kang at windriver.com>
Date: Wed Oct 29 09:40:08 2014 +0800
apache: add fix for CVE-2014-0117 Security Advisory
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang at windriver.com>
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
---
.../apache2/apache2/apache-CVE-2014-0117.patch | 289 +++++++++++++++++++++
.../recipes-httpd/apache2/apache2_2.4.10.bb | 4 +-
2 files changed, 292 insertions(+), 1 deletion(-)
Diff: http://git.openembedded.org/?p=meta-openembedded.git/?a=commitdiff;h=ea717f70e1dc229304618e1efd9e2aaa9e839c68
More information about the Openembedded-commits
mailing list