LD_LIBRARY_PATH issue in 2.2.22 and earlier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: LD_LIBRARY_PATH issue in 2.2.22 and earlier
From: Luke Lozier <luke@xxxxxxxxxxxxxxx>
Date: Thu, 24 May 2012 13:05:10 -0400
Reply-to: users@xxxxxxxxxxxxxxxx

One of the PCI scanning companies is demanding an upgrade to 2.4.2 due to the issues described in this CVE:

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
     current working directory to be searched for DSOs. [Stefan Fritsch]

Is there any idea when 2.2.23 will be released? I'd rather not upgrade to 2.4.2

Apologies if this is the wrong list for this.

Best,

Luke Lozier

---

Bibliopolis, LLC

Berkeley | Pittsburgh

http://www.bibliopolis.com

Follow-Ups:
- Re: LD_LIBRARY_PATH issue in 2.2.22 and earlier
  - From: William A. Rowe Jr.
- Re: LD_LIBRARY_PATH issue in 2.2.22 and earlier
  - From: Mark Montague
- Re: LD_LIBRARY_PATH issue in 2.2.22 and earlier
  - From: John Iliffe

Prev by Date: RE: Proxy streaming of files
Next by Date: Re: LD_LIBRARY_PATH issue in 2.2.22 and earlier
Previous by thread: Rewrite Role: navigation toolbar trouble
Next by thread: Re: LD_LIBRARY_PATH issue in 2.2.22 and earlier
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux