What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11792
2015-07-17 23:30:36
--------------------------------------------------------------------------------

Name        : httpd
Product     : Fedora 21
Version     : 2.4.16
Release     : 1.fc21
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

Update to new version 2.4.16. This update fixed various bugs as well as few security issues.

For full changelog, see --------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2015 Jan Kaluza  - 2.4.16-1
- update to new version 2.4.16
* Fri May 29 2015 Jan Kaluza  - 2.4.12-1
- update to new version 2.4.12
* Wed Dec 17 2014 Jan Kaluza  - 2.4.10-15
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583)
- mod_lua: fix handling of the Require line when a LuaAuthzProvider is used
  in multiple Require directives with different arguments (CVE-2014-8109)
* Tue Oct 14 2014 Joe Orton  - 2.4.10-14
- require apr-util 1.5.x
* Thu Sep 18 2014 Jan Kaluza  - 2.4.10-13
- use NoDelay and DeferAcceptSec in httpd.socket
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243887 - CVE-2015-3183 httpd: chunk header parsing defect
        https://bugzilla.redhat.com/show_bug.cgi?id=1243887
  [ 2 ] Bug #1243888 - CVE-2015-3185 httpd: replacement of ap_some_auth_required with new ap_some_authn_required and ap_force_authn
        https://bugzilla.redhat.com/show_bug.cgi?id=1243888
  [ 3 ] Bug #1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
        https://bugzilla.redhat.com/show_bug.cgi?id=1243891
  [ 4 ] Bug #1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug
        https://bugzilla.redhat.com/show_bug.cgi?id=1202988
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update httpd' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 21: httpd Security Update

July 30, 2015
Update to new version 2.4.16

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

Update Information:

Update to new version 2.4.16. This update fixed various bugs as well as few security issues.

Change Log

* Fri Jul 17 2015 Jan Kaluza - 2.4.16-1 - update to new version 2.4.16 * Fri May 29 2015 Jan Kaluza - 2.4.12-1 - update to new version 2.4.12 * Wed Dec 17 2014 Jan Kaluza - 2.4.10-15 - core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) - mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581) - mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583) - mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109) * Tue Oct 14 2014 Joe Orton - 2.4.10-14 - require apr-util 1.5.x * Thu Sep 18 2014 Jan Kaluza - 2.4.10-13 - use NoDelay and DeferAcceptSec in httpd.socket

References

[ 1 ] Bug #1243887 - CVE-2015-3183 httpd: chunk header parsing defect https://bugzilla.redhat.com/show_bug.cgi?id=1243887 [ 2 ] Bug #1243888 - CVE-2015-3185 httpd: replacement of ap_some_auth_required with new ap_some_authn_required and ap_force_authn https://bugzilla.redhat.com/show_bug.cgi?id=1243888 [ 3 ] Bug #1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path https://bugzilla.redhat.com/show_bug.cgi?id=1243891 [ 4 ] Bug #1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug https://bugzilla.redhat.com/show_bug.cgi?id=1202988

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update httpd' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : httpd
Product : Fedora 21
Version : 2.4.16
Release : 1.fc21
URL : https://httpd.apache.org/
Summary : Apache HTTP Server

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

OpenSSL 3.2 Adds Support for TCP Fast Open on Linux, Argon2 KDF, and More

Nov 27, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo