Date: Thu, 6 Nov 2014 20:50:10 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: mod_auth_mellon on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:    Important: mod_auth_mellon security update
Advisory ID: SLSA-2014:1803-1
Issue Date:  2014-11-05
CVE Numbers: CVE-2014-8566
             CVE-2014-8567
--

An information disclosure flaw was found in mod_auth_mellon's session
handling that could lead to sessions overlapping in memory. A remote
attacker could potentially use this flaw to obtain data from another
user's session. (CVE-2014-8566)

It was found that uninitialized data could be read when processing a
user's logout request. By attempting to log out, a user could possibly
cause the Apache HTTP Server to crash. (CVE-2014-8567)
--

SL6
  x86_64
    mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm
    mod_auth_mellon-debuginfo-0.8.0-3.el6_6.x86_64.rpm
  i386
    mod_auth_mellon-0.8.0-3.el6_6.i686.rpm
    mod_auth_mellon-debuginfo-0.8.0-3.el6_6.i686.rpm

- Scientific Linux Development Team