Security update for apache2-mod_perl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:3213-1 Final 1 1 2019-12-10T09:05:53Z current 2019-12-10T09:05:53Z 2019-12-10T09:05:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for apache2-mod_perl This update for apache2-mod_perl fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg() call. (bsc#1091625) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-3213,SUSE-SLE-SDK-12-SP4-2019-3213,SUSE-SLE-SDK-12-SP5-2019-3213,SUSE-SLE-SERVER-12-SP4-2019-3213,SUSE-SLE-SERVER-12-SP5-2019-3213 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20193213-1/ Link for SUSE-SU-2019:3213-1 https://lists.suse.com/pipermail/sle-security-updates/2019-December/006233.html E-Mail link for SUSE-SU-2019:3213-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1091625 SUSE Bug 1091625 https://bugzilla.suse.com/1156944 SUSE Bug 1156944 https://www.suse.com/security/cve/CVE-2011-2767/ SUSE CVE CVE-2011-2767 page SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP5 apache2-mod_perl-2.0.8-13.5.1 apache2-mod_perl-devel-2.0.8-13.5.1 apache2-mod_perl-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Server 12 SP4 apache2-mod_perl-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Server 12 SP5 apache2-mod_perl-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 apache2-mod_perl-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 apache2-mod_perl-devel-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 apache2-mod_perl-devel-2.0.8-13.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. CVE-2011-2767 SUSE Linux Enterprise Server 12 SP4:apache2-mod_perl-2.0.8-13.5.1 SUSE Linux Enterprise Server 12 SP5:apache2-mod_perl-2.0.8-13.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:apache2-mod_perl-2.0.8-13.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:apache2-mod_perl-2.0.8-13.5.1 SUSE Linux Enterprise Software Development Kit 12 SP4:apache2-mod_perl-devel-2.0.8-13.5.1 SUSE Linux Enterprise Software Development Kit 12 SP5:apache2-mod_perl-devel-2.0.8-13.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193213-1/ https://www.suse.com/security/cve/CVE-2011-2767.html CVE-2011-2767 https://bugzilla.suse.com/1156944 SUSE Bug 1156944