Fedora Core 4 Update: httpd-2.0.54-10.3

    Date: 27 Jan 2006
    Category: Fedora
    Posted By: Joe Shakespeare
    This update includes fixes for three security issues in the Apache HTTP Server.
    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2006-052
    2006-01-20
    ---------------------------------------------------------------------
    
    Product     : Fedora Core 4
    Name        : httpd
    Version     : 2.0.54
    Release     : 10.3
    Summary     : Apache HTTP Server
    Description :
    The Apache HTTP Server is a powerful, full-featured, efficient, and
    freely-available Web server. The Apache HTTP Server is also the
    most popular Web server on the Internet.
    
    ---------------------------------------------------------------------
    Update Information:
    
    This update includes fixes for three security issues in the
    Apache HTTP Server.
    
    A memory leak in the worker MPM could allow remote attackers
    to cause a denial of service (memory consumption) via
    aborted connections, which prevents the memory for the
    transaction pool from being reused for other connections.
    The Common Vulnerabilities and Exposures project assigned
    the name CVE-2005-2970 to this issue. This vulnerability
    only affects users who are using the non-default worker MPM.
    
    A flaw in mod_imap when using the Referer directive with
    image maps was discovered. With certain site configurations,
    a remote attacker could perform a cross-site scripting
    attack if a victim can be forced to visit a malicious URL
    using certain web browsers. (CVE-2005-3352)
    
    A NULL pointer dereference flaw in mod_ssl was discovered
    affecting server configurations where an SSL virtual host is
    configured with access control and a custom 400 error
    document. A remote attacker could send a carefully
    crafted request to trigger this issue which would lead to a
    crash. This crash would only be a denial of service if using
    the non-default worker MPM. (CVE-2005-3357)
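
Added example, not part of the Fedora notification or the httpd package: a small triage script that checks a host's configuration for the preconditions the three issues above depend on (worker MPM in use, mod_imap loaded, an SSL virtual host with access control and a custom 400 error document). It assumes the worker MPM is selected with `HTTPD=/usr/sbin/httpd.worker` in `/etc/sysconfig/httpd`; the directive list treated as access control and both sample inputs are constructed for illustration.

```python
import re
# Constructed samples (not from the advisory): /etc/sysconfig/httpd and httpd.conf
SAMPLE_SYSCONFIG = "# constructed sample\nHTTPD=/usr/sbin/httpd.worker\n"
SAMPLE_CONF = """\
LoadModule imap_module modules/mod_imap.so
<VirtualHost _default_:443>
    SSLEngine on
    ErrorDocument 400 /errors/bad_request.html
    <Location /private>
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>
"""
# Assumption: these Apache 2.0 directives are what counts as "access control".
CHECKS = (("ssl", re.compile(r"SSLEngine\s+on\b", re.I)),
          ("err400", re.compile(r"ErrorDocument\s+400\b", re.I)),
          ("acl", re.compile(r"(order|allow|deny|require|sslrequire|sslrequiressl|authtype)\b", re.I)))

def active_lines(text):
    return [l.strip() for l in text.splitlines() if l.strip() and not l.strip().startswith("#")]

def uses_worker_mpm(sysconfig):
    # Assumption: the worker MPM is selected with HTTPD=/usr/sbin/httpd.worker
    return any(re.match(r"HTTPD\s*=.*httpd\.worker\b", l) for l in active_lines(sysconfig))

def ssl_vhosts_at_risk(conf):
    """VirtualHosts with SSLEngine on, access control and a custom 400 ErrorDocument."""
    hits, name, seen = [], None, set()
    for l in active_lines(conf):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", l, re.I)
        if opened:
            name, seen = opened.group(1).strip(), set()
        elif l.lower().startswith("</virtualhost"):
            if name and seen == {"ssl", "acl", "err400"}:
                hits.append(name)
            name = None
        elif name:
            seen |= {tag for tag, rx in CHECKS if rx.match(l)}
    return hits

def triage(sysconfig, conf):  # one entry per CVE named in the advisory
    worker = uses_worker_mpm(sysconfig)
    imap = any(re.match(r"LoadModule\s+imap_module\b", l, re.I) for l in active_lines(conf))
    vhosts = ssl_vhosts_at_risk(conf)
    return {"CVE-2005-2970": worker, "CVE-2005-3352": imap,
            "CVE-2005-3357": {"vhosts": vhosts, "dos_if_crash": bool(vhosts) and worker}}

if __name__ == "__main__":
    print(triage(SAMPLE_SYSCONFIG, SAMPLE_CONF))
```

The script does not follow Include files or account for settings inherited from the main server section, so a negative result is incomplete until those are checked as well.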
    
    ---------------------------------------------------------------------
    * Tue Jan 17 2006 Joe Orton  2.0.54-10.3
    - mod_ssl: add security fix for HTTP-on-SSL-port handling (CVE-2005-3357)
    - mod_imap: add security fix for XSS issue (CVE-2005-3352)
    - worker MPM: add security fix for memory consumption DoS (CVE-2005-2970),
      and bug fixes for handling resource allocation failures (#171759)
    - mod_ssl: buffer request bodies for per-location renegotiation (upstream #12355)
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
      http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
    
    This update can be installed with the 'yum' update program.  Use 'yum update
    package-name' at the command line.  For more information, refer to 'Managing
    Software with yum,' available at http://fedora.redhat.com/docs/yum/.
    ---------------------------------------------------------------------
    
    -- 
    fedora-announce-list mailing list
    https://www.redhat.com/mailman/listinfo/fedora-announce-list
    