Re: [SECURITY] [DSA 952-1] New libapache-auth-ldap packages fix arbitrary code execution
* Nick Boyce:
>>From this I infer that mod_auth_ldap for Debian-packaged Apache 2 must
> be included with the main Debian Apache packages, and that no
> libapache(2)-auth-ldap package is required - and that I therefore need
> fixed Apache 2 packages. Is this so ?
Apache 2 comes with its own LDAP module, which may have shared a
common code base once (the Dave Carrigan is listed as author, too),
but the vulnerable function is not present in version 2.0.55-4. I
haven't looked at other versions.
Reply to: