
Fedora: 2008-6314 Moderate: HTTPD Memory Exhaustion Due To Proxy Handling

August 7, 2008
The latest Fedora httpd 2.2.9 update introduces a critical security patch addressing high memory consumption issues in httpd mod_proxy_http, enhancing overall system stability.

Summary

The Apache HTTP Server is a powerful, efficient, and extensible web server.

This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion.
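
As an added example (not part of the Fedora advisory), the shell script below checks whether a host matches the conditions described above: an httpd version older than 2.2.9 together with mod_proxy_http loaded and forward proxying (ProxyRequests On) enabled. The function names, verdict strings and sample configuration are constructed for illustration, and Include'd configuration files are not followed.

```sh
#!/bin/sh
# Added example, not part of the advisory: exposure check for CVE-2008-2364.
FIXED_VERSION="2.2.9"   # httpd version shipped by this update

# version_lt A B: succeed when dotted version A sorts below B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# conf_has FILE REGEX: succeed when an uncommented directive line matches.
# Directive names are case-insensitive in Apache, hence -i.
conf_has() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# forward_proxy_http_enabled FILE: mod_proxy_http loaded AND forward proxying on.
# Limitation: Include'd files and statically linked modules are not followed.
forward_proxy_http_enabled() {
    conf_has "$1" 'LoadModule[[:space:]]+proxy_http_module[[:space:]]' &&
        conf_has "$1" 'ProxyRequests[[:space:]]+On([[:space:]]|$)'
}

# assess VERSION FILE: print patched | exposed | unpatched-no-forward-proxy.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched"
    elif forward_proxy_http_enabled "$2"; then
        echo "exposed"
    else
        echo "unpatched-no-forward-proxy"
    fi
}

# Constructed sample config (not from a real host) for a self-contained run.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# ProxyRequests Off
ProxyRequests On
EOF
echo "2.2.8 + sample config: $(assess 2.2.8 "$sample_conf")"
echo "2.2.9 + sample config: $(assess 2.2.9 "$sample_conf")"
# On a Fedora host:
#   assess "$(rpm -q --qf '%{VERSION}' httpd)" /etc/httpd/conf/httpd.conf
```

A verdict of "unpatched-no-forward-proxy" still calls for the update; it only means the forward proxy scenario the advisory describes is not enabled in the file that was checked.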

Change Log

* Mon Jul 14 2008 Joe Orton 2.2.9-1.fc8
- update to 2.2.9 (#454100)

* Mon Jan 28 2008 Joe Orton 2.2.8-1.fc8
- update to 2.2.8 (#430465)

References

[1] Bug #451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://bugzilla.redhat.com/show_bug.cgi?id=451615

Update Instructions

Use su -c 'yum update httpd' at the command line.

For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Product: Fedora 8
Version: 2.2.9
Release: 1.fc8
Summary: Apache HTTP Server
