[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SUSE Security Announcement: apache,apache2 mod_rewrite problem (SUSE-SA:2006:043)
On Sat, Jul 29, 2006 at 12:45:03AM +0200, Christian Boltz wrote:
> Am Freitag, 28. Juli 2006 17:22 schrieb Marcus Meissner:
> > The following security problem was fixed in the Apache and Apache
> > 2 web servers:
> > mod_rewrite: Fix an off-by-one security problem in the ldap scheme
> > handling.
> Does this mean that this vulnerability only happens when I use LDAP
> _and_ mod_rewrite with Apache?
> Or does a "simple" use of mod_rewrite without LDAP also have this
> (Or does ldap mean anything else than the (in)famous directory service
> Some clarification would be helpful ;-)
> (The announcement on apache.org does not even mention LDAP...)
Then I might have made a mistake there, but the vicinity of the patch
handles ldap urls.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here