--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2019-099575a123
2019-08-23 01:26:06.889669
--------------------------------------------------------------------------------Name        : httpd
Product     : Fedora 30
Version     : 2.4.41
Release     : 1.fc30
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------Update Information:

This update includes the latest release of the Apache HTTP Server, version
`2.4.41`, fixing various security issues.  Several major enhancements are also
included in this update:  * `mod_md` is now packaged from upstream *github*
releases, adding support for ACMEv2. * `mod_cgid` stderr handling has been
improved  See  for a full list of
changes since the previous release of `httpd`.
--------------------------------------------------------------------------------ChangeLog:

* Thu Aug 15 2019 Joe Orton  - 2.4.41-1
- update to 2.4.41
* Thu Jul 25 2019 Fedora Release Engineering  - 2.4.39-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Joe Orton  - 2.4.39-12
- drop /var/lib/dav directory, since mod_dav_fs uses statedir
* Wed Jul 17 2019 Joe Orton  - 2.4.39-11
- mod_cgid: use fd passing to fix script stderr handling (#1591157)
* Mon Jul  8 2019 Joe Orton  - 2.4.39-10
- htpasswd: add SHA-256/512 support
- apachectl: restore -V/-v/-t support (#1727434)
* Fri Jun 21 2019 Joe Orton  - 2.4.39-9
- create instance-specific StateDir in httpd@.service, instance.conf
* Thu Jun 20 2019 Joe Orton  - 2.4.39-8
- remove superfluous ap_hack_ symbols from httpd binary
- more verbose %check section
* Thu Jun 13 2019 Lubos Uhliarik  - 2.4.39-7
- remove bundled mod_md module
* Thu Jun 13 2019 Joe Orton  - 2.4.39-6
- mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs
* Wed Jun 12 2019 Joe Orton  - 2.4.39-5
- fixes for StateDir directive (upstream r1857731, r1857731)
* Thu May  2 2019 Lubos Uhliarik  - 2.4.39-4
- httpd dependency on initscripts is unspecified (#1705188)
* Tue Apr  9 2019 Joe Orton  - 2.4.39-3
- fix statedir symlink to point to /var/lib/httpd (#1697662)
- mod_reqtimeout: fix default values regression (PR 63325)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated
        https://bugzilla.redhat.com/show_bug.cgi?id=1591157
  [ 2 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it
        https://bugzilla.redhat.com/show_bug.cgi?id=1727434
  [ 3 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1743961
  [ 4 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1743957
  [ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1743997
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-099575a123' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 30: httpd FEDORA-2019-099575a123

August 22, 2019
This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

This update includes the latest release of the Apache HTTP Server, version

`2.4.41`, fixing various security issues. Several major enhancements are also

included in this update: * `mod_md` is now packaged from upstream *github*

releases, adding support for ACMEv2. * `mod_cgid` stderr handling has been

improved See for a full list of

changes since the previous release of `httpd`.

* Thu Aug 15 2019 Joe Orton - 2.4.41-1

- update to 2.4.41

* Thu Jul 25 2019 Fedora Release Engineering - 2.4.39-13

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Jul 23 2019 Joe Orton - 2.4.39-12

- drop /var/lib/dav directory, since mod_dav_fs uses statedir

* Wed Jul 17 2019 Joe Orton - 2.4.39-11

- mod_cgid: use fd passing to fix script stderr handling (#1591157)

* Mon Jul 8 2019 Joe Orton - 2.4.39-10

- htpasswd: add SHA-256/512 support

- apachectl: restore -V/-v/-t support (#1727434)

* Fri Jun 21 2019 Joe Orton - 2.4.39-9

- create instance-specific StateDir in httpd@.service, instance.conf

* Thu Jun 20 2019 Joe Orton - 2.4.39-8

- remove superfluous ap_hack_ symbols from httpd binary

- more verbose %check section

* Thu Jun 13 2019 Lubos Uhliarik - 2.4.39-7

- remove bundled mod_md module

* Thu Jun 13 2019 Joe Orton - 2.4.39-6

- mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs

* Wed Jun 12 2019 Joe Orton - 2.4.39-5

- fixes for StateDir directive (upstream r1857731, r1857731)

* Thu May 2 2019 Lubos Uhliarik - 2.4.39-4

- httpd dependency on initscripts is unspecified (#1705188)

* Tue Apr 9 2019 Joe Orton - 2.4.39-3

- fix statedir symlink to point to /var/lib/httpd (#1697662)

- mod_reqtimeout: fix default values regression (PR 63325)

[ 1 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated

https://bugzilla.redhat.com/show_bug.cgi?id=1591157

[ 2 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it

https://bugzilla.redhat.com/show_bug.cgi?id=1727434

[ 3 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743961

[ 4 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743957

[ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743997

su -c 'dnf upgrade --advisory FEDORA-2019-099575a123' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

FEDORA-2019-099575a123 2019-08-23 01:26:06.889669 Product : Fedora 30 Version : 2.4.41 Release : 1.fc30 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues. Several major enhancements are also included in this update: * `mod_md` is now packaged from upstream *github* releases, adding support for ACMEv2. * `mod_cgid` stderr handling has been improved See for a full list of changes since the previous release of `httpd`. * Thu Aug 15 2019 Joe Orton - 2.4.41-1 - update to 2.4.41 * Thu Jul 25 2019 Fedora Release Engineering - 2.4.39-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Tue Jul 23 2019 Joe Orton - 2.4.39-12 - drop /var/lib/dav directory, since mod_dav_fs uses statedir * Wed Jul 17 2019 Joe Orton - 2.4.39-11 - mod_cgid: use fd passing to fix script stderr handling (#1591157) * Mon Jul 8 2019 Joe Orton - 2.4.39-10 - htpasswd: add SHA-256/512 support - apachectl: restore -V/-v/-t support (#1727434) * Fri Jun 21 2019 Joe Orton - 2.4.39-9 - create instance-specific StateDir in httpd@.service, instance.conf * Thu Jun 20 2019 Joe Orton - 2.4.39-8 - remove superfluous ap_hack_ symbols from httpd binary - more verbose %check section * Thu Jun 13 2019 Lubos Uhliarik - 2.4.39-7 - remove bundled mod_md module * Thu Jun 13 2019 Joe Orton - 2.4.39-6 - mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs * Wed Jun 12 2019 Joe Orton - 2.4.39-5 - fixes for StateDir directive (upstream r1857731, r1857731) * Thu May 2 2019 Lubos Uhliarik - 2.4.39-4 - httpd dependency on initscripts is unspecified (#1705188) * Tue Apr 9 2019 Joe Orton - 2.4.39-3 - fix statedir symlink to point to /var/lib/httpd (#1697662) - mod_reqtimeout: fix default values regression (PR 63325) [ 1 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated https://bugzilla.redhat.com/show_bug.cgi?id=1591157 [ 2 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it https://bugzilla.redhat.com/show_bug.cgi?id=1727434 [ 3 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743961 [ 4 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743957 [ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1743997 su -c 'dnf upgrade --advisory FEDORA-2019-099575a123' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Severity
Product : Fedora 30
Version : 2.4.41
Release : 1.fc30
URL : https://httpd.apache.org/
Summary : Apache HTTP Server

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved