/etc/apache2/mods-available/suexec.load has group read
Bug #872000 reported by
Jamie Strandboge
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apache2 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
$ ls -l /etc/apache2/
-rw-rw-r-- 1 root root 64 2011-09-06 13:38 /etc/apache2/
While this is not security-relevant, it is also not desirable. What happened is that the default umask changed fro 0002 to 0022 in 11.10 (https:/
dh_fixperms -Xsuexec
chmod go-wx debian/
| Changed in apache2 (Ubuntu): | |
| importance: | Undecided → Medium |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in apache2 (Ubuntu): | |
| status: | New → Fix Released |
To post a comment you must log in.
This bug was fixed in the package apache2 - 2.2.21-2ubuntu1
---------------
apache2 (2.2.21-2ubuntu1) precise; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/{control, rules}: Enable PIE hardening.
- debian/{control, rules, apache2.
- debian/control: Add bzr tag and point it to our tree
- debian/apache2.py, debian/
- debian/control, debian/
Plymouth aware passphrase dialog program ask-for-passphrase.
apache2 (2.2.21-2) unstable; urgency=high
* Fix CVE-2011-3368: Prevent unintended pattern expansion in some
reverse proxy configurations by strictly validating the request-URI.
* Correctly set permissions of suexec.load even if umask is 0002 during
build. LP: #872000
apache2 (2.2.21-1) unstable; urgency=low
* New upstream release.
- Fixes CVE-2011-3348: Possible denial of service in mod_proxy_ajp
if combined with mod_proxy_balancer
-- Chuck Short <email address hidden> Fri, 14 Oct 2011 16:01:29 +0000