Fedora Core 4 Update: httpd-2.0.54-10.2

    Date07 Sep 2005
    CategoryFedora
    8764
    Posted ByLinuxSecurity Advisories
    This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700).
    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2005-849
    2005-09-07
    ---------------------------------------------------------------------
    
    Product     : Fedora Core 4
    Name        : httpd
    Version     : 2.0.54                      
    Release     : 10.2                  
    Summary     : Apache HTTP Server
    Description :
    The Apache HTTP Server is a powerful, full-featured, efficient, and
    freely-available Web server. The Apache HTTP Server is also the
    most popular Web server on the Internet.
    
    ---------------------------------------------------------------------
    Update Information:
    
    This update includes two security fixes. An issue was
    discovered in mod_ssl where "SSLVerifyClient require" would
    not be honoured in location context if the virtual host had
    "SSLVerifyClient optional" configured (CAN-2005-2700). An
    issue was discovered in memory consumption of the byterange
    filter for dynamic resources such as PHP or CGI script
    (CAN-2005-2728).
    ---------------------------------------------------------------------
    * Fri Sep  2 2005 Joe Orton  2.0.54-10.2
    - mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)
    - add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)
    - add fix for dummy connection handling (#167425)
    - mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)
    - mod_ssl: add fix for handling non-blocking reads
    
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
      http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
    
    de712a893989b4a89a96f3239ffe9359  SRPMS/httpd-2.0.54-10.2.src.rpm
    f5c47d9a1fd604a9c9f27cb52b687134  ppc/httpd-2.0.54-10.2.ppc.rpm
    3fe32aacb961746f97cb239580645542  ppc/httpd-devel-2.0.54-10.2.ppc.rpm
    0231bd287c86eee34823bd5de7309840  ppc/httpd-manual-2.0.54-10.2.ppc.rpm
    89fc732f2caae3ec8c4fca897a57f28c  ppc/mod_ssl-2.0.54-10.2.ppc.rpm
    9185b402e4ebf58c362557d08f1e1e56  ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm
    5597e26e50c206b6292fb6a481264074  x86_64/httpd-2.0.54-10.2.x86_64.rpm
    e0cdb0d7c15b7882e7f446e120e8f20e  x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm
    26dcb24b83a0528202dfe6ca343a3909  x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm
    5c01b4d973491f2be019bfb526199142  x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm
    4284f8fe2b0c85c36a87c8cd0c05f1a4  x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm
    8e1b97f27ce4a41eb7eb01c15d8eab81  i386/httpd-2.0.54-10.2.i386.rpm
    9e32079613629b690beb02e91120998b  i386/httpd-devel-2.0.54-10.2.i386.rpm
    04bad4ac9e45412e658d82d7af66fafc  i386/httpd-manual-2.0.54-10.2.i386.rpm
    cbe81b8781314a53962ac1b84ebc7349  i386/mod_ssl-2.0.54-10.2.i386.rpm
    7b0f8b83a6f021702135942aa6159a98  i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm
    
    This update can also be installed with the Update Agent; you can
    launch the Update Agent with the 'up2date' command.  
    ---------------------------------------------------------------------
    
    -- 
    fedora-announce-list mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.redhat.com/mailman/listinfo/fedora-announce-list
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.