Apache: Multiple vulnerabilities — GLSA 201504-03

Multiple vulnerabilities have been found in Apache HTTP Server, the worst of which could lead to arbitrary code execution.

Affected Packages

www-servers/apache on all architectures
Affected versions < 2.2.29
Unaffected versions >= 2.2.29

Background

Apache HTTP Server is one of the most popular web servers on the Internet.

Description

Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.29"
 

References

Release Date
April 11, 2015

Latest Revision
April 19, 2015: 2

Severity
normal

Exploitable
remote

Bugzilla entries