Mandriva Linux Security Advisory 2012-012
https://packetstormsecurity.com/files/109387/MDVSA-2012-012.txt
https://packetstormsecurity.com/files/109387/MDVSA-2012-012.txthttps://packetstormsecurity.com/files/109387/Mandriva-Linux-Security-Advisory-2012-012.htmlFri, 03 Feb 2012 02:14:27 GMTMandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities has been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a \%{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.