Red Hat Security Advisory 2018-2737-01

Red Hat Security Advisory 2018-2737-01: Posted Sep 24, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-2737-01 - Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Issues addressed include a code execution vulnerability.; tags | advisory, web, perl, code execution; systems | linux, redhat; advisories | CVE-2011-2767; SHA-256 | 6202248d90e51e0eb67ade76fd24b34a15dd2acfd30c4bbe4ca1cbf8a415d0b6; Download | Favorite | View

Red Hat Security Advisory 2018-2737-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mod_perl security update
Advisory ID:       RHSA-2018:2737-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2737
Issue date:        2018-09-24
CVE Names:         CVE-2011-2767 
=====================================================================

1. Summary:

An update for mod_perl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mod_perl incorporates a Perl interpreter into the Apache web server, such
that the Apache HTTP server can directly execute Perl code.

Security Fix(es):

* mod_perl: arbitrary Perl code execution in the context of the user
account via a user-owned .htaccess (CVE-2011-2767)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1623265 - CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
mod_perl-2.0.4-12.el6_10.src.rpm

i386:
mod_perl-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm

x86_64:
mod_perl-2.0.4-12.el6_10.x86_64.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm

x86_64:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
mod_perl-2.0.4-12.el6_10.src.rpm

x86_64:
mod_perl-2.0.4-12.el6_10.x86_64.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
mod_perl-2.0.4-12.el6_10.src.rpm

i386:
mod_perl-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm

ppc64:
mod_perl-2.0.4-12.el6_10.ppc64.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.ppc64.rpm

s390x:
mod_perl-2.0.4-12.el6_10.s390x.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.s390x.rpm

x86_64:
mod_perl-2.0.4-12.el6_10.x86_64.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm

ppc64:
mod_perl-debuginfo-2.0.4-12.el6_10.ppc.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.ppc64.rpm
mod_perl-devel-2.0.4-12.el6_10.ppc.rpm
mod_perl-devel-2.0.4-12.el6_10.ppc64.rpm

s390x:
mod_perl-debuginfo-2.0.4-12.el6_10.s390.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.s390x.rpm
mod_perl-devel-2.0.4-12.el6_10.s390.rpm
mod_perl-devel-2.0.4-12.el6_10.s390x.rpm

x86_64:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
mod_perl-2.0.4-12.el6_10.src.rpm

i386:
mod_perl-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm

x86_64:
mod_perl-2.0.4-12.el6_10.x86_64.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm

x86_64:
mod_perl-debuginfo-2.0.4-12.el6_10.i686.rpm
mod_perl-debuginfo-2.0.4-12.el6_10.x86_64.rpm
mod_perl-devel-2.0.4-12.el6_10.i686.rpm
mod_perl-devel-2.0.4-12.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2011-2767
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW6kIZdzjgjWX9erEAQhswA/+NYlTogwmQAmw6gqyKKLY6Z4I2mtBFfLz
RvjDFblt2S/OdRIUAKsrrZ2zska2+2Y4hyaOItMqG2xNASQRwiDWeLM30Zekdfny
dj6k2Zjvdaymf3yRkO/eEb7AdS5+1WfpzKhJZVs+6JVGXloaCUoKThxCdxY/fyRa
HWXdkRoBup/mf90/VM2Bg8SM3EzdbHFZKtL6Ws7KewBkZ1sB5SyAv3HjYN9MDRBm
TUuu5SCwQPXu8x0QYHWOzrzMRo0AAu6/E6BtcPOedQpWYDdLS0H9NCzUbdI+dvyu
0ciLF24QR5vnQVf4X8CQOK87CyTOZ5QrieDMqnu8cfDkx0+ZY/lNfgTMmd/Ig5fJ
3scDkS9trMKZNADMiEjX2GJXrTGWKgIRXEaFlYhdjDQQ/2XfaVR1pfiXBe11cGD7
3SUyzCLo/3BYzCytxI1dA9JTI8en5/O6EigqNWL1HxKDJiEBoHets+Hp6DlBfP5B
b0ANDCLZt3v+kriksbJs594iAMEnSjYdEjMSemFJ7LF/9GyYfCjmPQ6GuQfNDgXk
VxsjH7+mlE2detrAKsyEN6sPNGPgu+oaFEAyK+3rV7lCSfGOf27v9y9s5fdmju9U
iO1o2NLVw1jBBVZ0/SnBLhbJhKZbCBwk5sJCpN198FBolN0HaJq3/P8E5UVFxx5I
nTnMyOkUq2M=
=QR+4
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2018-2737-01

Red Hat Security Advisory 2018-2737-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2018-2737-01

Share This

Red Hat Security Advisory 2018-2737-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems