Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora Core 4: 2005-849 Critical: Mod_ssl DoS and Memory Issues

fedora
Calendar Grey September 7, 2005
Dist Fedora Esm H88
A new release for Fedora Core 4 provides essential updates for the httpd Apache server, targeting vulnerabilities related to mod_ssl's security.
This update includes two security fixes

Summary

The Apache HTTP Server is a powerful, full-featured, efficient, and

freely-available Web server. The Apache HTTP Server is also the

most popular Web server on the Internet.

This update includes two security fixes. An issue was

discovered in mod_ssl where "SSLVerifyClient require" would

not be honoured in location context if the virtual host had

"SSLVerifyClient optional" configured (CAN-2005-2700). An

issue was discovered in memory consumption of the byterange

filter for dynamic resources such as PHP or CGI script

(CAN-2005-2728).

- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)

- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)

- add fix for dummy connection handling (#167425)

- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)

- mod_ssl: add fix for handling non-blocking reads

de712a893989b4a89a96f3239ffe9359 SRPMS/httpd-2.0.54-10.2.src.rpm

f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm

3fe32aacb961746f97cb239580645542 ppc/httpd-devel-2.0.54-10.2.ppc.rpm

0231bd287c86eee34823bd5de7309840 ppc/httpd-manual-2.0.54-10.2.ppc.rpm

89fc732f2caae3ec8c4fca897a57f28c ppc/mod_ssl-2.0.54-10.2.ppc.rpm

9185b402e4ebf58c362557d08f1e1e56 ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm

5597e26e50c206b6292fb6a481264074 x86_64/httpd-2.0.54-10.2.x86_64.rpm

e0cdb0d7c15b7882e7f446e120e8f20e x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm

26dcb24b83a0528202dfe6ca343a3909 x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm

5c01b4d973491f2be019bfb526199142 x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm

4284f8fe2b0c85c36a87c8cd0c05f1a4 x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm

8e1b97f27ce4a41eb7eb01c15d8eab81 i386/httpd-2.0.54-10.2.i386.rpm

9e32079613629b690beb02e91120998b i386/httpd-devel-2.0.54-10.2.i386.rpm

04bad4ac9e45412e658d82d7af66fafc i386/httpd-manual-2.0.54-10.2.i386.rpm

cbe81b8781314a53962ac1b84ebc7349 i386/mod_ssl-2.0.54-10.2.i386.rpm

7b0f8b83a6f021702135942aa6159a98 i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com

Topics%20covered

Topics Covered

security advisory Fedora Core memory issue Apache HTTP mod_ssl DoS critical security fix https server

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Name: httpd
Version: 2.0.54
Release: 10.2
Summary: Apache HTTP Server

Topics%20covered

Topics Covered

security advisory Fedora Core memory issue Apache HTTP mod_ssl DoS critical security fix https server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here