Synopsis: Important: mod_auth_mellon security update
Advisory ID: SLSA-2014:1803-1
Issue Date: 2014-11-05
CVE Numbers: CVE-2014-8566
CVE-2014-8567
—
An information disclosure flaw was found in mod_auth_mellon’s session
handling that could lead to sessions overlapping in memory. A remote
attacker could potentially use this flaw to obtain data from another
user’s session. (CVE-2014-8566)
It was found that uninitialized data could be read when processing a
user’s logout request. By attempting to log out, a user could possibly
cause the Apache HTTP Server to crash. (CVE-2014-8567)
—
SL6
x86_64
mod_auth_mellon-0.8.0-3.el6_6.x86_64.rpm
mod_auth_mellon-debuginfo-0.8.0-3.el6_6.x86_64.rpm
i386
mod_auth_mellon-0.8.0-3.el6_6.i686.rpm
mod_auth_mellon-debuginfo-0.8.0-3.el6_6.i686.rpm
– Scientific Linux Development Team
