-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : libapache2-mod-perl2 Version : 2.0.9~1624218-2+deb8u3 CVE ID : CVE-2011-2767 Debian Bug : 644169
Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. For Debian 8 "Jessie", this problem has been fixed in version 2.0.9~1624218-2+deb8u3. We recommend that you upgrade your libapache2-mod-perl2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluhUnZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQLHg/9ESALW2OWY5gPTkboQk4ImVEwqT3Gy+yqQmJym99YWky/3iTEJQawDrs0 pX8UIDrC3VvSkjr2NzvCN7v5TV7ney76x/iqSLQDd3OvQ5M1yXyEDubZT1Qf9ckL NWDLACRRWNW4qeglY1WSUWvSwfyDkCz/rxelS7sQJGsWvQtSkHtW9KJF0vGqL8VB QEVmBBx8X0zyTTkz62N9KRSC46TbgbALEIV+ekFvrUgToAokmpzDFgunEQt3su+u bv7R4BCTZXQdR9TFNH5uBKnQHVzaQEJuCNVOqDYxQxhDlCthJTn+QHF47xkZeCTO 1YL8twbEWrvMgZQdIJFTEvjHo+5J/qugPCRCvlH3lVPdeHFdGFY4syrhs8mO/sdd tN3gj8cCi370ILScxFu4OoeUi39nQbb38Y/XrjovkUJw6BmdDCGkhuyCOusCT62A 6DlqbXyNPJT0XPFtQlKKJGRf6jl5QM98qZb11NdD0aW6ZkhKg3Q0IiNa7QnL7LWH jTY5pfe+go87VLj//ov8SfcVbwF2Ris7Gs8gv0B6s8IptngkZZBy7ihmOKl6Jk2W YRTjcOooGTL6ov1tzAHO/7Gb7cqhtgolYci9r8+jOkcUVgGsKwgxjf5/tFvjqP3G merG5JjPdqji5/J5mE6nZEHz4ub6iIYZO+Aey2bVEtzkVERQhbw= =Y7B+ -----END PGP SIGNATURE-----
