Mandriva Linux Security Advisory 2013-015
https://packetstormsecurity.com/files/120551/MDVSA-2013-015.txt
https://packetstormsecurity.com/files/120551/MDVSA-2013-015.txthttps://packetstormsecurity.com/files/120551/Mandriva-Linux-Security-Advisory-2013-015.htmlTue, 26 Feb 2013 16:57:21 GMTMandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities has been found and corrected in apache. Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in mod_proxy_balancer manager interface. Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues.