Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Fedora 30: FEDORA-2019-099575a123 High: Apache HTTPD Security Issues

fedora
Calendar Grey August 22, 2019
Dist Fedora Esm H88
Apache HTTP Server 2.4.41 fixes security issues on Fedora 30. Update recommended for enhanced security!
This update includes the latest release of the Apache HTTP Server, version `2.4.41`, fixing various security issues

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

This update includes the latest release of the Apache HTTP Server, version

`2.4.41`, fixing various security issues. Several major enhancements are also

included in this update: * `mod_md` is now packaged from upstream *github*

releases, adding support for ACMEv2. * `mod_cgid` stderr handling has been

improved See for a full list of

changes since the previous release of `httpd`.

* Thu Aug 15 2019 Joe Orton - 2.4.41-1

- update to 2.4.41

* Thu Jul 25 2019 Fedora Release Engineering - 2.4.39-13

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Jul 23 2019 Joe Orton - 2.4.39-12

- drop /var/lib/dav directory, since mod_dav_fs uses statedir

* Wed Jul 17 2019 Joe Orton - 2.4.39-11

- mod_cgid: use fd passing to fix script stderr handling (#1591157)

* Mon Jul 8 2019 Joe Orton - 2.4.39-10

- htpasswd: add SHA-256/512 support

- apachectl: restore -V/-v/-t support (#1727434)

* Fri Jun 21 2019 Joe Orton - 2.4.39-9

- create instance-specific StateDir in httpd@.service, instance.conf

* Thu Jun 20 2019 Joe Orton - 2.4.39-8

- remove superfluous ap_hack_ symbols from httpd binary

- more verbose %check section

* Thu Jun 13 2019 Lubos Uhliarik - 2.4.39-7

- remove bundled mod_md module

* Thu Jun 13 2019 Joe Orton - 2.4.39-6

- mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs

* Wed Jun 12 2019 Joe Orton - 2.4.39-5

- fixes for StateDir directive (upstream r1857731, r1857731)

* Thu May 2 2019 Lubos Uhliarik - 2.4.39-4

- httpd dependency on initscripts is unspecified (#1705188)

* Tue Apr 9 2019 Joe Orton - 2.4.39-3

- fix statedir symlink to point to /var/lib/httpd (#1697662)

- mod_reqtimeout: fix default values regression (PR 63325)

[ 1 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated

https://bugzilla.redhat.com/show_bug.cgi?id=1591157

[ 2 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it

https://bugzilla.redhat.com/show_bug.cgi?id=1727434

[ 3 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743961

[ 4 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743957

[ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1743997

su -c 'dnf upgrade --advisory FEDORA-2019-099575a123' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Change Log

References

Update Instructions

Product: Fedora 30
Version: 2.4.41
Release: 1.fc30
Summary: Apache HTTP Server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.