Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 21 Advisory: Critical Httpd Update for Security Issues

fedora
Calendar Grey July 30, 2015
Dist Fedora Esm H88
Protect your Fedora 21 system by updating the Apache HTTP Server (httpd) to fix critical vulnerabilities and bugs for enhanced security and performance
Update to new version 2.4.16

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

Update Information:

Update to new version 2.4.16. This update fixed various bugs as well as few security issues.

Topics%20covered

Topics Covered

security advisory update critical Fedora issue httpd bug

Change Log

* Fri Jul 17 2015 Jan Kaluza - 2.4.16-1 - update to new version 2.4.16 * Fri May 29 2015 Jan Kaluza - 2.4.12-1 - update to new version 2.4.12 * Wed Dec 17 2014 Jan Kaluza - 2.4.10-15 - core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704) - mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581) - mod_proxy_fcgi: fix a potential crash with long headers (CVE-2014-3583) - mod_lua: fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments (CVE-2014-8109) * Tue Oct 14 2014 Joe Orton - 2.4.10-14 - require apr-util 1.5.x * Thu Sep 18 2014 Jan Kaluza - 2.4.10-13 - use NoDelay and DeferAcceptSec in httpd.socket

References


[ 1 ] Bug #1243887 - CVE-2015-3183 httpd: chunk header parsing defect https://bugzilla.redhat.com/show_bug.cgi?id=1243887 [ 2 ] Bug #1243888 - CVE-2015-3185 httpd: replacement of ap_some_auth_required with new ap_some_authn_required and ap_force_authn https://bugzilla.redhat.com/show_bug.cgi?id=1243888 [ 3 ] Bug #1243891 - CVE-2015-0253 httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path https://bugzilla.redhat.com/show_bug.cgi?id=1243891 [ 4 ] Bug #1202988 - CVE-2015-0228 httpd: Possible mod_lua crash due to websocket bug https://bugzilla.redhat.com/show_bug.cgi?id=1202988

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update httpd' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: httpd
Product: Fedora 21
Version: 2.4.16
Release: 1.fc21
URL: https://httpd.apache.org/
Summary: Apache HTTP Server

Topics%20covered

Topics Covered

security advisory update critical Fedora issue httpd bug

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here