
Fedora: 2.2.13 Critical Denial-of-Service Fix For Httpd

August 31, 2009
Fedora 12 patch resolves security vulnerabilities in httpd version 2.2.14, improving overall server performance.

Summary

The Apache HTTP Server is a powerful, efficient, and extensible web server.

Update Information:

This update includes the latest release of the Apache HTTP Server, version 2.2.13, fixing several security issues:

* Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. (CVE-2009-1891)
* Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it. (CVE-2009-1195)
* Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. (CVE-2009-1890)
* mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body. (CVE-2009-1191)

Many bug fixes are also included; see the upstream changelog for further details:

Change Log

* Tue Aug 18 2009 Joe Orton 2.2.13-1
- update to 2.2.13

References


[ 1 ] Bug #509375 - CVE-2009-1890 httpd: mod_proxy reverse proxy DoS (infinite loop)
      https://bugzilla.redhat.com/show_bug.cgi?id=509375
[ 2 ] Bug #509125 - CVE-2009-1891 httpd: possible temporary DoS (CPU consumption) in mod_deflate
      https://bugzilla.redhat.com/show_bug.cgi?id=509125
[ 3 ] Bug #489436 - CVE-2009-1195 AllowOverride Options=IncludesNoExec allows Options Includes
      https://bugzilla.redhat.com/show_bug.cgi?id=489436

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update httpd' at the command line. For more information, refer to "Managing Software with yum", available at .
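
For the CVE-2009-1195 fix, an audit sketch that flags .htaccess `Options` lines enabling an option the governing `AllowOverride Options=...` list does not name. This is an added example, not part of the Fedora advisory or of httpd; the function names and sample configuration are constructed, and it assumes a simplified model of one AllowOverride line per .htaccess file in which `-Option` entries are ignored.

```python
import re

# Constructed sample input: the server-side restriction and a .htaccess under it.
SAMPLE_ALLOWOVERRIDE = "AllowOverride Options=IncludesNoExec"
SAMPLE_HTACCESS = """\
# constructed sample .htaccess
Options +Includes
AddOutputFilter INCLUDES .shtml
Options -Indexes +IncludesNoExec
"""

def allowed_options(allowoverride_line):
    """Return the lower-cased option names .htaccess may set,
    None if Options is unrestricted, or an empty set if not overridable."""
    allowed = set()
    for tok in allowoverride_line.split()[1:]:
        low = tok.lower()
        if low in ("all", "options"):
            return None  # any Options value may be overridden
        if low.startswith("options="):
            allowed.update(o for o in low[len("options="):].split(",") if o)
    return allowed

def htaccess_violations(htaccess_text, allowed):
    """List (line_number, option) pairs where .htaccess enables an
    option that is outside the permitted set."""
    if allowed is None:
        return []
    found = []
    for n, line in enumerate(htaccess_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        m = re.match(r"options\s+(.*)", stripped, re.IGNORECASE)
        if not m:
            continue
        for opt in m.group(1).split():
            if opt.startswith("-"):
                continue  # this sketch only reports options being enabled
            name = opt.lstrip("+").lower()
            if name not in allowed:
                found.append((n, name))
    return found

if __name__ == "__main__":
    permitted = allowed_options(SAMPLE_ALLOWOVERRIDE)
    for line_no, opt in htaccess_violations(SAMPLE_HTACCESS, permitted):
        print(f"line {line_no}: enables '{opt}', not in AllowOverride list")
```
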

Severity
critical

Name: httpd
Product: Fedora 11
Version: 2.2.13
Release: 1.fc11
Summary: Apache HTTP Server
