Note:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized
HTTP methods from marking ajp: balancer members in an error state, avoiding
denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use less
memory, to avoid denial of service. This patch includes fixes to the patch
introduced in release 2.2.20 for protocol compliance, as well as the
MaxRanges directive.
Note:
This commit is improving the openvpn package to build the included
plugins if possible (currently only the pam authentication plugin
if pam is installed), but also introducing the 'plugins_enabled'
variable within the openvpn.conf file which can be used to define
a space separated list of plugins which should be built additionally.
This will offer a convenient way for targets which patch in custom
plugins to enable them within the build process of the package.
The only thing to do is to append the desired plugin to the list
stored within the $plugins_enabled variable.
Example: Adding 'myplugin' within a target specific 'openvpn.conf'
--------------------------------------------------------------------
var_append plugins_enabled ' ' "myplugin"
--------------------------------------------------------------------
Note:
This is a security release in order to address CVE-2011-2522 (Cross-Site
Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability
in SWAT).
This reverts commit 85a04fda1f.
Note:
This update is breaking iproute2 because of API changes, thus we have
to wait with the update until iproute2 is fixed to work with the new
API of xtables.