Package: apache2
Version: 2.2.16-6+squeeze10
Severity: important

Hi,

apache.org released a security update for CVE-2013-1862, which has been
marked as "security impact is unimportant" in security-tracker.d.n.
Please provide an updated package for oldstable and stable via
oldstable-proposed-updates and proposed-updates.

Thanks
Martin
--
Martin Zobel-Helas
Teamleiter Betrieb
Tel.: +49 (2161) 4643-196
Fax: +49 (2161) 4643-100
Email: martin.zobel-he...@credativ.de
pgp fingerprint 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Hohenzollernstr. 133, 41061 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Index: CHANGES
===================================================================
--- CHANGES (revision 1469310)
+++ CHANGES (working copy)
@@ -1,8 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.25
+ *) SECURITY: CVE-2013-1862 (cve.mitre.org)
+ mod_rewrite: Ensure that client data written to the RewriteLog is
+ escaped to prevent terminal escape sequences from entering the
+ log file. [Joe Orton]
-
Changes with Apache 2.2.24
*) SECURITY: CVE-2012-3499 (cve.mitre.org)
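Review bot: the CHANGES entry is vague about what "client data" means; since this is the only place operators will read about the behaviour change, list the fields that are now passed through ap_escape_logitem (remote host, remote logname, authenticated user, server name and the log message text itself) and say that control characters, backslashes and double quotes in those fields will from now on appear in the RewriteLog in the same escaped form mod_log_config uses for the access log, so anyone parsing RewriteLog knows to expect it.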
Index: modules/mappers/mod_rewrite.c
===================================================================
--- modules/mappers/mod_rewrite.c (revision 1469310)
+++ modules/mappers/mod_rewrite.c (working copy)
@@ -500,11 +500,11 @@
logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
"(%d) %s%s%s%s" APR_EOL_STR,
- rhost ? rhost : "UNKNOWN-HOST",
- rname ? rname : "-",
- r->user ? (*r->user ? r->user : "\"\"") : "-",
+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
+ rname ? ap_escape_logitem(r->pool, rname) : "-",
+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
current_logtime(r),
- ap_get_server_name(r),
+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
(void *)(r->server),
(void *)r,
r->main ? "subreq" : "initial",
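Review bot: the ap_escape_logitem() wrapped around ap_get_server_name(r) deserves a one-line comment in the code, because a later cleanup could easily drop it as "server-controlled data": with UseCanonicalName Off the server name is taken from the client-supplied Host header, so it is attacker-influenced just like rhost and rname. The existing NULL guards (`rhost ? ... : "UNKNOWN-HOST"`, `rname ? ... : "-"`) are correctly kept in front of the escaping calls, and the constant fallbacks ("UNKNOWN-HOST", "-", "\"\"") rightly stay unescaped. Note that the escaped copies are allocated from r->pool for every log line, which is fine for request-lifetime data but worth knowing at high RewriteLogLevel values.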
@@ -514,7 +514,7 @@
perdir ? "[perdir " : "",
perdir ? perdir : "",
perdir ? "] ": "",
- text);
+ ap_escape_logitem(r->pool, text));
nbytes = strlen(logline);
apr_file_write(conf->rewritelogfp, logline, &nbytes);
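Review bot: `text` is the field that actually carries the request URI and rewrite results, so escaping it here is the core of the fix; the remaining unescaped `%s` argument in this hunk is `perdir` (the per-directory context from the server's own configuration), and a short comment stating that it is deliberately left unescaped because it is trusted configuration data would stop the next reader from "fixing" it or, worse, assuming the omission was an oversight. A regression test for this hunk would request a URL containing a percent-encoded control byte and check that the RewriteLog line records it as a `\xNN` escape rather than the raw byte.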