Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

SUSE Linux 11 SP2 Security Advisory 2012:1156-2 Critical Header Injection

suse
Calendar Grey September 14, 2012
Dist Suse Esm H88
Keep informed with this crucial SUSE Security Notification concerning PHP5 that tackles two recognized vulnerabilities.
An update that fixes two vulnerabilities is now available

Summary

This update fixes CVE-2011-1398 and CVE-2011-4388 (header injection via CR). This update also changes the default configuration to use FilesMatch with 'SetHandler' rather than 'AddHandler' to protect weakly written web applications from content confusion. Since this is a hardening measure, no CVE was assigned. Security Issue references: * CVE-2011-1398 * CVE-2011-4388 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP2: zypper in -t patch sdksp2-apache2-mod_php5-6777

Topics%20covered

Topics Covered

security advisory security issue software patch SUSE Linux important update header injection PHP5 update

References

#775852 #778003

Cross- CVE-2011-1398 CVE-2011-4388

Affected Products:

SUSE Linux Enterprise Software Development Kit 11 SP2

SUSE Linux Enterprise Server 11 SP2 for VMware

SUSE Linux Enterprise Server 11 SP2

https://www.suse.com/security/cve/CVE-2011-1398.html

https://www.suse.com/security/cve/CVE-2011-4388.html

https://login.microfocus.com/nidp/app/login?sid=0

https://login.microfocus.com/nidp/app/login?sid=0

https://login.microfocus.com/nidp/app/login?sid=0

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2012:1156-2
Rating: important

Topics%20covered

Topics Covered

security advisory security issue software patch SUSE Linux important update header injection PHP5 update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here