Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Ubuntu 20.04: 2021-abc678e012 High: Nginx Remote Code Execution

fedora
Calendar Grey July 15, 2017
Dist Fedora Esm H88
Fedora 25 has rolled out key updates for the httpd package, addressing important security vulnerabilities listed in several CVE references, enhancing web service safety and stability
File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security

fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

[ 1 ] Bug #1463207 - CVE-2017-7679 httpd: mod_mime buffer overread

https://bugzilla.redhat.com/show_bug.cgi?id=1463207

[ 2 ] Bug #1463205 - CVE-2017-7668 httpd: ap_find_token() buffer overread

https://bugzilla.redhat.com/show_bug.cgi?id=1463205

[ 3 ] Bug #1463199 - CVE-2017-7659 httpd: mod_http2 NULL pointer dereference

https://bugzilla.redhat.com/show_bug.cgi?id=1463199

[ 4 ] Bug #1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference

https://bugzilla.redhat.com/show_bug.cgi?id=1463197

[ 5 ] Bug #1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1463194

su -c 'dnf upgrade httpd' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Product: Fedora 25
Version: 2.4.27
Release: 2.fc25
Summary: Apache HTTP Server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.