Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Fedora 29: 2019-17556e2ad6 Critical: Fix for httpd Crash in Mod_Cluster

fedora
Calendar Grey May 9, 2019
Dist Fedora Esm H88
The latest update for mod_cluster on Fedora 29 tackles key security vulnerabilities and enhances performance metrics, incorporating essential patches.
Security, Performance updates, fiexes blocker with crashing httpd BZ 1708248

Summary

Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy,

mod_cluster uses a communication channel to forward requests from httpd to one

of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster

leverages an additional connection between the application server nodes and

httpd. The application server nodes use this connection to transmit server-side

load balance factors and lifecycle events back to httpd via a custom set of

HTTP methods, affectionately called the Mod-Cluster Management Protocol (MCMP).

This additional feedback channel allows mod_cluster to offer a level of

intelligence and granularity not found in other load balancing solutions.

Security, Performance updates, fiexes blocker with crashing httpd BZ 1708248

* Thu May 9 2019 Michal Karm Babacek 1.3.11-1

- Updates comments about Selinux in mod_cluster.conf

- Removes Java libs for Tomcat 8 and Wildfly 10, to be reintroduced for Tomcat 9 in a separate package

- Fix for MODCLUSTER-690

- Back port upstream warning fixes

- Fix for MODCLUSTER-543

- Fix forMODCLUSTER-684

- Fix 503 found while investigating MODCLUSTER-684

- Fix for JBCS-634 decrease loops per vhosts for balancer changes

- Fix for MODCLUSTER-622 segfault in process_info

- Fix for MODCLUSTER-582 and clean some C++ comments

- Fix for MODCLUSTER-590 - workers array for Deterministic failover is now allocated dynamically

- Fix for MODCLUSTER-526 We don't use helper->shared if it's already NULL

- Fix for MODCLUSTER-550 Failover targets should be chosen deterministically

- Fix for MODCLUSTER-547

- Fix CVE-2016-8612 JBCS-193

- Fix for MODCLUSTER-522

- Fix for MODCLUSTER-534 update to MODCLUSTER-435 normalizing balancer name

- Security enhancements for protocol parser

* Fri Feb 1 2019 Fedora Release Engineering - 1.3.3-14

- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Fri Jul 13 2018 Fedora Release Engineering - 1.3.3-13

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Thu Feb 8 2018 Fedora Release Engineering - 1.3.3-12

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1374210 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1374210

[ 2 ] Bug #1708248 - Segfaults in Apache after updating packages (using mod_cluster and mod_ssl)

https://bugzilla.redhat.com/show_bug.cgi?id=1708248

su -c 'dnf upgrade --advisory FEDORA-2019-17556e2ad6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 29
Version: 1.3.11
Release: 1.fc29
Summary: Apache HTTP Server dynamic load balancer with Wildfly and Tomcat libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.