wok rev 10931

apache: add range-CVE-2011-3192 fix
author Pascal Bellard <pascal.bellard@slitaz.org>
date Fri Aug 26 13:57:39 2011 +0200 (2011-08-26)
parents 7005bc30066e
children ff0097ff50cd
files apache/receipt apache/stuff/fix-range-CVE-2011-3192.conf
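--- a/apache/receipt	Sat Aug 20 22:16:05 2011 +0200
+++ b/apache/receipt	Fri Aug 26 13:57:39 2011 +0200
@@ -42,6 +42,8 @@
 	cp -a $_pkg/var $fs
 	
 	cp -a $stuff/apache $fs/etc/init.d
+	mkdir -p $fs/etc/apache/extra
+	cp -a $stuff/fix-range-CVE-2011-3192.conf $fs/etc/apache/extra
 
 	sed -i  -e 's|User daemon|User www|' -e 's|Group daemon|Group www|' \
 		-e 's|ServerAdmin you@example.com|ServerAdmin root@localhost|' \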
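Review bot: Nothing in this hunk makes httpd read the new file: the two added lines only copy `fix-range-CVE-2011-3192.conf` into `$fs/etc/apache/extra`, and in the stock Apache layout files under `extra/` stay inactive until the main configuration includes them. Unless an Include is added elsewhere in the receipt (the `sed` that follows continues past the hunk, so this cannot be confirmed from here), the package would ship the CVE-2011-3192 mitigation without it taking effect. I would add `Include /etc/apache/extra/fix-range-CVE-2011-3192.conf` to the main server configuration in the same step, and confirm that mod_setenvif and mod_headers are loaded, since the file's directives depend on both.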
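--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apache/stuff/fix-range-CVE-2011-3192.conf	Fri Aug 26 13:57:39 2011 +0200
@@ -0,0 +1,8 @@
+# From http://thread.gmane.org/gmane.comp.apache.announce/58
+# Drop the Range header when more than 5 ranges.
+# CVE-2011-3192
+SetEnvIf Range (,.*?){5,} bad-range=1
+RequestHeader unset Range env=bad-range
+
+# optional logging.
+#CustomLog logs/range-CVE-2011-3192.log common env=bad-range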
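Review bot: The legacy `Request-Range` header is not covered: the file tests and unsets only `Range`, while httpd also honours `Request-Range`, so a request that carries its ranges in that header is not touched by the `SetEnvIf` on line 2.7. The updated Apache advisory for this CVE removes that header unconditionally; I would add `RequestHeader unset Request-Range` after `RequestHeader unset Range env=bad-range`. A one-line comment such as `# Requires mod_setenvif and mod_headers.` at the top would also help whoever enables the file. Keeping the `CustomLog` line active, at least initially, would make dropped requests visible to operators.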