author | Stefan Fritsch <sf@sfritsch.de> | 2014-01-26 13:32:34 +0100 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2014-01-27 22:35:41 +0100 |
commit | 352d5e16eb597557f4adeec67652c4b3b7e0d0cb (patch) | |
tree | 63414f703c461f8c1c2a167272a5aedf88df0bb6 | |
parent | 6474d2b63bb51e758b7f27df292c93d6b63864db (diff) | |
download | apache2-352d5e16eb597557f4adeec67652c4b3b7e0d0cb.tar.gz |
CVE-2013-1896 mod_dav DoS
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rwxr-xr-x | debian/patches/304_CVE-2013-1896.dpatch | 33 |
3 files changed, 37 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 3904abc4..88364de2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,11 @@ apache2 (2.2.16-6+squeeze12) squeeze; urgency=medium - Low impact security issues: + Low impact security fixes: * CVE-2013-1862: mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file. Closes: #722333 + * CVE-2013-1896: mod_dav: denial of service via MERGE request. + Closes: #717272 -- Stefan Fritsch <sf@debian.org> Sun, 03 Mar 2013 12:25:22 +0100 diff --git a/debian/patches/00list b/debian/patches/00list index 6ac8222f..9282ed80 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -47,3 +47,4 @@ 301_CVE-2012-4557_proxy_ajp.dpatch 302_CVE-2012-3499_CVE-2012-4558_XSS.dpatch 303_mod_rewrite-CVE-2013-1862.dpatch +304_CVE-2013-1896.dpatch diff --git a/debian/patches/304_CVE-2013-1896.dpatch b/debian/patches/304_CVE-2013-1896.dpatch new file mode 100755 index 00000000..4efe9fd2 --- /dev/null +++ b/debian/patches/304_CVE-2013-1896.dpatch 
@@ -0,0 +1,33 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+#
+@DPATCH@
+Index: apache2/modules/dav/main/mod_dav.c
+===================================================================
+--- apache2.orig/modules/dav/main/mod_dav.c
++++ apache2/modules/dav/main/mod_dav.c
+@@ -719,6 +719,12 @@
+
+ conf = ap_get_module_config(r->per_dir_config, &dav_module);
+ /* assert: conf->provider != NULL */
++ if (conf->provider == NULL) {
++ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
++ apr_psprintf(r->pool,
++ "DAV not enabled for %s",
++ ap_escape_html(r->pool, r->uri)));
++ }
+
+ /* resolve the resource */
+ err = (*conf->provider->repos->get_resource)(r, conf->dir,
+@@ -2655,11 +2661,6 @@
+ "Destination URI had an error.");
+ }
+
+- if (dav_get_provider(lookup.rnew) == NULL) {
+- return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
+- "DAV not enabled for Destination URI.");
+- }
+-
+ /* Resolve destination resource */
+ err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
+ 0 /* use_checked_in */, &resnew); |
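Review bot: The added `dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0, apr_psprintf(...))` call in the embedded mod_dav.c hunk at -719 passes five arguments, which is the newer signature that carries an extra `apr_status_t`. The prototype is not visible on this page, but if this 2.2.16 tree still declares the four-parameter form (pool, status, error_id, desc), the patch will not compile and the NULL-provider dereference stays unfixed in the shipped package. In that case the call should read `return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0,` followed by the unchanged `apr_psprintf(...)` argument. The retained comment `/* assert: conf->provider != NULL */` is now contradicted by the guard directly below it; `/* provider is NULL when DAV is not enabled for this URI */` would match the new behaviour. The enclosing function begins and ends outside the embedded hunk, so the caller-side handling of the returned error could not be checked here.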