Security update for apache2-mod_perl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2549-1 Final 1 1 2019-11-23T17:20:34Z current 2019-11-23T17:20:34Z 2019-11-23T17:20:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for apache2-mod_perl This update for apache2-mod_perl to version 2.0.11 fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg() call. (bsc#1091625) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2549 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html E-Mail link for openSUSE-SU-2019:2549-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1091625 SUSE Bug 1091625 https://bugzilla.suse.com/1156944 SUSE Bug 1156944 https://www.suse.com/security/cve/CVE-2011-2767/ SUSE CVE CVE-2011-2767 page openSUSE Leap 15.0 openSUSE Leap 15.1 apache2-mod_perl-2.0.11-lp151.3.3.1 apache2-mod_perl-devel-2.0.11-lp151.3.3.1 apache2-mod_perl-2.0.11-lp151.3.3.1 as a component of openSUSE Leap 15.0 apache2-mod_perl-devel-2.0.11-lp151.3.3.1 as a component of openSUSE Leap 15.0 apache2-mod_perl-2.0.11-lp151.3.3.1 as a component of openSUSE Leap 15.1 apache2-mod_perl-devel-2.0.11-lp151.3.3.1 as a component of openSUSE Leap 15.1 mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. CVE-2011-2767 openSUSE Leap 15.0:apache2-mod_perl-2.0.11-lp151.3.3.1 openSUSE Leap 15.0:apache2-mod_perl-devel-2.0.11-lp151.3.3.1 openSUSE Leap 15.1:apache2-mod_perl-2.0.11-lp151.3.3.1 openSUSE Leap 15.1:apache2-mod_perl-devel-2.0.11-lp151.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html https://www.suse.com/security/cve/CVE-2011-2767.html CVE-2011-2767 https://bugzilla.suse.com/1156944 SUSE Bug 1156944