SciLinux: SLSA-2014:1803-1 Important: mod_auth_mellon Session Flaw

Nov 06, 2014 •

LinuxSecurity Advisories

1 min read

Scientific Large Esm H500

Topics Covered

security advisory security update important information disclosure apache http server session handling mod_auth_mellon

Important: mod_auth_mellon security update

Date: Thu, 6 Nov 2014 20:50:10 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: mod_auth_mellon on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: mod_auth_mellon security update
Advisory ID: SLSA-2014:1803-1
Issue Date: 2014-11-05
CVE Numbers: CVE-2014-8566
 CVE-2014-8567
--

An information disclosure flaw was found in mod_auth_mellon's session
handling that could lead to sessions overlapping in memory. A remote
attacker could potentially use this flaw to obtain data from another
user's session. (CVE-2014-8566)

It was found that uninitialized data could be read when processing a
user's logout request. By attempting to log out, a user could possibly
cause the Apache HTTP Server to crash. (CVE-2014-8567)
--

SL6
 x86_64
 mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm
 mod_auth_mellon-debuginfo-0.8.0-3.el6_6.x86_64.rpm
 i386
 mod_auth_mellon-0.8.0-3.el6_6.i686.rpm
 mod_auth_mellon-debuginfo-0.8.0-3.el6_6.i686.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here