Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora Core 4: FEDORA-2006-862 Moderate: httpd Mod_Rewrite Issue

fedora
Calendar Grey July 28, 2006
Dist Fedora Esm H88
An update targeting the mod_security extension in Ubuntu 20.04 resolves a buffer overflow vulnerability related to Apache. This patch is intended to enhance system integrity.
This update fixes a security issue in the mod_rewrite module

Summary

The Apache HTTP Server is a powerful, full-featured, efficient, and

freely-available Web server. The Apache HTTP Server is also the

most popular Web server on the Internet.

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one

security problem in the LDAP scheme handling of the

mod_rewrite module. Where RewriteEngine was enabled, and for

certain RewriteRules, this could lead to a pointer being

written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack

layout for a particular compiled version of mod_rewrite.

The Fedora project has analyzed Fedora Core 4 and 5 binaries

and determined that these distributions are vulnerable to

this issue. However this flaw does not affect a default

installation of Fedora Core; users who do not use, or have

not enabled, the Rewrite module are not affected by this

issue.

- add mod_rewrite security fix (CVE-2006-3747)

81317d5161ff11f6deab496b0562119d0bfc0990 SRPMS/httpd-2.0.54-10.4.src.rpm

81317d5161ff11f6deab496b0562119d0bfc0990 noarch/httpd-2.0.54-10.4.src.rpm

b88cd0f579e2bc914ee974bf426b1a2c8b3b7fb2 ppc/httpd-2.0.54-10.4.ppc.rpm

caed7cf66d784e66969ed8cada0ecfca9212b5ef ppc/httpd-devel-2.0.54-10.4.ppc.rpm

2b0402a1eb83397b24626d78fae0425a1c3a6817 ppc/httpd-manual-2.0.54-10.4.ppc.rpm

883017704eee9b39ffdd6ccf52ad933a51f6ca27 ppc/mod_ssl-2.0.54-10.4.ppc.rpm

0ab368e365f817e9dcd4dcccfc6c0f8898a1f6db ppc/debug/httpd-debuginfo-2.0.54-10.4.ppc.rpm

d27f116a3c7b2f64da314578aa6da7eac590ce34 x86_64/httpd-2.0.54-10.4.x86_64.rpm

14e761d0f7aa7b1f15e0d6c6f8861e0d138ec8e1 x86_64/httpd-devel-2.0.54-10.4.x86_64.rpm

f35c3789a97243bc06bb9c04a749c6f148c85b6b x86_64/httpd-manual-2.0.54-10.4.x86_64.rpm

387155db70ff3e93a23c5cbf0a27548381569170 x86_64/mod_ssl-2.0.54-10.4.x86_64.rpm

571ed80d32e00125ffc279cc96cbac57be4f9bc2 x86_64/debug/httpd-debuginfo-2.0.54-10.4.x86_64.rpm

f8ce1790f54264d675912055f91b4148751a4eec i386/httpd-2.0.54-10.4.i386.rpm

c76b6c07cb048b901e569ec02375dfd3570c78c7 i386/httpd-devel-2.0.54-10.4.i386.rpm

d827df74b0a5dbc5e595d84d00ad648fbd4d0da7 i386/httpd-manual-2.0.54-10.4.i386.rpm

5e0c509e87c6a9875c7df3bb1a239adcb4f1169f i386/mod_ssl-2.0.54-10.4.i386.rpm

e7f948349cdbe8b6442eb30c53571a5880506c6d i386/debug/httpd-debuginfo-2.0.54-10.4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security fix Fedora Core httpd attack mod_rewrite LDAP issue

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Name: httpd
Version: 2.0.54
Release: 10.4
Summary: Apache HTTP Server

Topics%20covered

Topics Covered

security advisory security fix Fedora Core httpd attack mod_rewrite LDAP issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here