Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 20: SECURITY: Cherokee Authentication Bypass Critical Update

fedora
Calendar Grey April 27, 2015
Dist Fedora Esm H88
The Debian security team has issued an update regarding apache2, focusing on a privilege escalation vulnerability linked to file permissions.
Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

Summary

Cherokee is a very fast, flexible and easy to configure Web Server. It supports

the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL

encrypted connections, Virtual hosts, Authentication, on the fly encoding,

Apache compatible log files, and much more.

Update Information:

Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

Topics%20covered

Topics Covered

security advisory critical Fedora update information authentication bypass cherokee Webserver

Change Log

* Wed Apr 15 2015 Pavel Lisý - 1.2.103-6 - Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds - Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units - Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5) * Sat Aug 16 2014 Fedora Release Engineering - 1.2.103-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering - 1.2.103-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed Mar 5 2014 Toshio Kuratomi - 1.2.103-3 - Remove the upstream cherokee logo due to: https://pagure.io/fesco/issue/1230 * Sat Aug 3 2013 Fedora Release Engineering - 1.2.103-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu May 16 2013 Pavel Lisý - 1.2.103-1 - latest 1.2.x upstream release - Resolves bz 961057 - RFE: Cherokee 1.2.103 is available - Resolves bz 961056 - RFE: Cherokee 1.2.103 is available - Resolves bz 954199 - cherokee 1.2.103 is available - Resolves bz 958337 - Update request for Cherokee - Resolves bz 858542 - Cherokee should not be built with trace/backtrace support for performance

References


[ 1 ] Bug #1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1114461 [ 2 ] Bug #1094901 - cherokee: script and/or trigger should not directly enable systemd units https://bugzilla.redhat.com/show_bug.cgi?id=1094901

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update cherokee' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cherokee
Product: Fedora 20
Version: 1.2.103
Release: 6.fc20
URL: http://cherokee-project.com/
Summary: Flexible and Fast Webserver

Topics%20covered

Topics Covered

security advisory critical Fedora update information authentication bypass cherokee Webserver

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here