Fedora Core 4: HTTPD Critical Security Update for CVE Issues

The Apache HTTP Server is a powerful, full-featured, efficient, and

freely-available Web server. The Apache HTTP Server is also the

most popular Web server on the Internet.

This update security fixes for CVE CAN-2005-2088 and CVE

CAN-2005-1268, along with some minor bug fixes.

- add security fix for C-L vs T-E handling (#162245, CVE CAN-2005-2088)

- mod_ssl: add security fix for CRL overflow (CVE CAN-2005-1268)

- mod_ssl: fix to enable output buffering (upstream #35279)

- mod_include: fix variable corruption in nested includes (upstream #12655)

- mod_auth_digest: fix hostinfo comparison in CONNECT requests

4fa67f7a6b0bf8fe8e2f97966b9b1dfd SRPMS/httpd-2.0.54-10.1.src.rpm

d7a168567f442382f3cae489de25aa98 ppc/httpd-2.0.54-10.1.ppc.rpm

0b3f4d2e74888b09d3a6ec9e910addde ppc/httpd-devel-2.0.54-10.1.ppc.rpm

e577a7b970af1b4b402e937fd09a0772 ppc/httpd-manual-2.0.54-10.1.ppc.rpm

929f74cef89f5a6e2b576c547d02b0eb ppc/mod_ssl-2.0.54-10.1.ppc.rpm

f3f46a5c94fa4b65098ca7b1d1ac039c ppc/debug/httpd-debuginfo-2.0.54-10.1.ppc.rpm

591f4801f63f1727f7c83c53b7e5c045 x86_64/httpd-2.0.54-10.1.x86_64.rpm

de5248a0690b7e254a7ae50895a5514d x86_64/httpd-devel-2.0.54-10.1.x86_64.rpm

e8bdb8e4da7bcaf05542daee46583f97 x86_64/httpd-manual-2.0.54-10.1.x86_64.rpm

902b4ab1168c79ca1a6f8b285441c8e6 x86_64/mod_ssl-2.0.54-10.1.x86_64.rpm

ce652f5a0f5643e9852621af103e1d59

x86_64/debug/httpd-debuginfo-2.0.54-10.1.x86_64.rpm

1a6a395ea6daf8c289de466c6024847b i386/httpd-2.0.54-10.1.i386.rpm

4d89b220d743076969439276aa336d00 i386/httpd-devel-2.0.54-10.1.i386.rpm

eee01db93e6db9de5feddec6a7b532ca i386/httpd-manual-2.0.54-10.1.i386.rpm

41f2057cd9b3f4db3709db146b43d456 i386/mod_ssl-2.0.54-10.1.i386.rpm

01ec6253ecb0e6c1e7ff990998e0b98a i386/debug/httpd-debuginfo-2.0.54-10.1.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com