Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Security Fix: * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the R ...
Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Security Fix: * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the R ...
mod_perl allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: regex: fix read overrun - CVE-2016-10739: Fully parse IPv4 address strings - CVE-2009-5155: ERE "0|0|\1|0" causes regexec undefined behavior Non-security issues fixed: - Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined - Add more checks for valid ld.so.cache file - Added cfi information for star ...
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 .
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Added cfi information for start routines in order to stop unwinding on S390 .
This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp - x86: fix stack alignment in pthread_cond_[timed]wait - Recognize ppc64p7 arch to build for power7
This update for glibc fixes the following issues: - CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp - x86: fix stack alignment in pthread_cond_[timed]wait - Recognize ppc64p7 arch to build for power7
This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match . - CVE-2009-5155: Fixed a denial of service in parse_reg_exp . Non-security issues fixed: - Does no longer compress debug sections in crt*.o files - Fixes a concurrency problem in ldconfig - Fixes a race conditio ...
The pop_fail_stack function in the GNU C Library allows context-dependent attackers to cause a denial of service via vectors related to extended regular expression processing.