---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-849
2005-09-07
---------------------------------------------------------------------Product     : Fedora Core 4
Name        : httpd
Version     : 2.0.54                      
Release     : 10.2                  
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

---------------------------------------------------------------------Update Information:

This update includes two security fixes. An issue was
discovered in mod_ssl where "SSLVerifyClient require" would
not be honoured in location context if the virtual host had
"SSLVerifyClient optional" configured (CAN-2005-2700). An
issue was discovered in memory consumption of the byterange
filter for dynamic resources such as PHP or CGI script
(CAN-2005-2728).
---------------------------------------------------------------------* Fri Sep  2 2005 Joe Orton  2.0.54-10.2
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)
- add fix for dummy connection handling (#167425)
- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)
- mod_ssl: add fix for handling non-blocking reads


---------------------------------------------------------------------This update can be downloaded from:
  
de712a893989b4a89a96f3239ffe9359  SRPMS/httpd-2.0.54-10.2.src.rpm
f5c47d9a1fd604a9c9f27cb52b687134  ppc/httpd-2.0.54-10.2.ppc.rpm
3fe32aacb961746f97cb239580645542  ppc/httpd-devel-2.0.54-10.2.ppc.rpm
0231bd287c86eee34823bd5de7309840  ppc/httpd-manual-2.0.54-10.2.ppc.rpm
89fc732f2caae3ec8c4fca897a57f28c  ppc/mod_ssl-2.0.54-10.2.ppc.rpm
9185b402e4ebf58c362557d08f1e1e56  ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm
5597e26e50c206b6292fb6a481264074  x86_64/httpd-2.0.54-10.2.x86_64.rpm
e0cdb0d7c15b7882e7f446e120e8f20e  x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm
26dcb24b83a0528202dfe6ca343a3909  x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm
5c01b4d973491f2be019bfb526199142  x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm
4284f8fe2b0c85c36a87c8cd0c05f1a4  x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm
8e1b97f27ce4a41eb7eb01c15d8eab81  i386/httpd-2.0.54-10.2.i386.rpm
9e32079613629b690beb02e91120998b  i386/httpd-devel-2.0.54-10.2.i386.rpm
04bad4ac9e45412e658d82d7af66fafc  i386/httpd-manual-2.0.54-10.2.i386.rpm
cbe81b8781314a53962ac1b84ebc7349  i386/mod_ssl-2.0.54-10.2.i386.rpm
7b0f8b83a6f021702135942aa6159a98  i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: httpd-2.0.54-10.2

September 7, 2005
This update includes two security fixes

Summary

The Apache HTTP Server is a powerful, full-featured, efficient, and

freely-available Web server. The Apache HTTP Server is also the

most popular Web server on the Internet.

This update includes two security fixes. An issue was

discovered in mod_ssl where "SSLVerifyClient require" would

not be honoured in location context if the virtual host had

"SSLVerifyClient optional" configured (CAN-2005-2700). An

issue was discovered in memory consumption of the byterange

filter for dynamic resources such as PHP or CGI script

(CAN-2005-2728).

- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)

- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)

- add fix for dummy connection handling (#167425)

- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)

- mod_ssl: add fix for handling non-blocking reads

de712a893989b4a89a96f3239ffe9359 SRPMS/httpd-2.0.54-10.2.src.rpm

f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm

3fe32aacb961746f97cb239580645542 ppc/httpd-devel-2.0.54-10.2.ppc.rpm

0231bd287c86eee34823bd5de7309840 ppc/httpd-manual-2.0.54-10.2.ppc.rpm

89fc732f2caae3ec8c4fca897a57f28c ppc/mod_ssl-2.0.54-10.2.ppc.rpm

9185b402e4ebf58c362557d08f1e1e56 ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm

5597e26e50c206b6292fb6a481264074 x86_64/httpd-2.0.54-10.2.x86_64.rpm

e0cdb0d7c15b7882e7f446e120e8f20e x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm

26dcb24b83a0528202dfe6ca343a3909 x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm

5c01b4d973491f2be019bfb526199142 x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm

4284f8fe2b0c85c36a87c8cd0c05f1a4 x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm

8e1b97f27ce4a41eb7eb01c15d8eab81 i386/httpd-2.0.54-10.2.i386.rpm

9e32079613629b690beb02e91120998b i386/httpd-devel-2.0.54-10.2.i386.rpm

04bad4ac9e45412e658d82d7af66fafc i386/httpd-manual-2.0.54-10.2.i386.rpm

cbe81b8781314a53962ac1b84ebc7349 i386/mod_ssl-2.0.54-10.2.i386.rpm

7b0f8b83a6f021702135942aa6159a98 i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-849 2005-09-07 Name : httpd Version : 2.0.54 Release : 10.2 Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The Apache HTTP Server is also the most popular Web server on the Internet. This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700). An issue was discovered in memory consumption of the byterange filter for dynamic resources such as PHP or CGI script (CAN-2005-2728). - mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700) - add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728) - add fix for dummy connection handling (#167425) - mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc) - mod_ssl: add fix for handling non-blocking reads de712a893989b4a89a96f3239ffe9359 SRPMS/httpd-2.0.54-10.2.src.rpm f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm 3fe32aacb961746f97cb239580645542 ppc/httpd-devel-2.0.54-10.2.ppc.rpm 0231bd287c86eee34823bd5de7309840 ppc/httpd-manual-2.0.54-10.2.ppc.rpm 89fc732f2caae3ec8c4fca897a57f28c ppc/mod_ssl-2.0.54-10.2.ppc.rpm 9185b402e4ebf58c362557d08f1e1e56 ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm 5597e26e50c206b6292fb6a481264074 x86_64/httpd-2.0.54-10.2.x86_64.rpm e0cdb0d7c15b7882e7f446e120e8f20e x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm 26dcb24b83a0528202dfe6ca343a3909 x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm 5c01b4d973491f2be019bfb526199142 x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm 4284f8fe2b0c85c36a87c8cd0c05f1a4 x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm 8e1b97f27ce4a41eb7eb01c15d8eab81 i386/httpd-2.0.54-10.2.i386.rpm 9e32079613629b690beb02e91120998b i386/httpd-devel-2.0.54-10.2.i386.rpm 04bad4ac9e45412e658d82d7af66fafc i386/httpd-manual-2.0.54-10.2.i386.rpm cbe81b8781314a53962ac1b84ebc7349 i386/mod_ssl-2.0.54-10.2.i386.rpm 7b0f8b83a6f021702135942aa6159a98 i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list mailing list fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : httpd
Version : 2.0.54
Release : 10.2
Summary : Apache HTTP Server

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved