Bug 36490

Summary: CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts
Product: Sisyphus Reporter: Dmitry V. Levin <ldv>
Component: apache2Assignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: billmartinnn, rider
Version: unstable   
Hardware: all   
OS: Linux   
URL: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211

Description Dmitry V. Levin 2019-04-02 18:52:20 MSK 
https://twitter.com/iamamoose/status/1112966189276389376
"Flaw in Apache HTTP Server 2.4.17 - 2.4.38 allows anyone you allow to write a script (PHP, CGI,..) to gain root. Get 2.4.39 *now* especially if you have untrusted script authors or run shared hosting (or use mod_auth_digest, due to a separate flaw)"
Comment 1 Anton Farygin 2019-04-02 19:33:50 MSK 
Решето.
Comment 2 Anton Farygin 2019-04-02 19:50:20 MSK 
#226419 POSTPONED #1 c8.1 apache2.git=2.4.39-alt1
#226418 POSTPONED #1 p8 apache2.git=2.4.39-alt1
#226417 BUILDING #1 [locked] sisyphus apache2.git=2.4.39-alt1