Fedora Core 2: 2004-421 Security Alert for Httpd Mod_Ssl Exploit Risks

Apache is a powerful, full-featured, efficient, and freely-available

Web server. Apache is also the most popular Web server on the

Internet.

This update includes the fixes for an issue in mod_ssl which could

lead to a bypass of an SSLCipherSuite setting in directory or location

context (CVE CAN-2004-0885), and a memory consumption denial of

service issue in the handling of request header lines (CVE

CAN-2004-0942).

* Thu Nov 11 2004 Joe Orton <jorton@redhat.com> 2.0.51-2.9

- add fix for memory consumption DoS, CAN-2004-0942

- mod_ssl: add fix for SSLCipherSuite bypass, CAN-2004-0885

This update can be downloaded from:

b202b93fa33a117c576f49b0b6ea8cce SRPMS/httpd-2.0.51-2.9.src.rpm

d44a26a035bef7f26249e1d0a7ae95b4 x86_64/httpd-2.0.51-2.9.x86_64.rpm

0920735cfe93100965958df44e6cca28 x86_64/httpd-devel-2.0.51-2.9.x86_64.rpm

50681f4ed4f3448fa1f8fd86ce41d749 x86_64/httpd-manual-2.0.51-2.9.x86_64.rpm

1b3230a8c205bdf96464d4ecc51bea40 x86_64/mod_ssl-2.0.51-2.9.x86_64.rpm

fae759a29d5ac1eacfb947ec4b447994 x86_64/debug/httpd-debuginfo-2.0.51-2.9.x86_64.rpm

d8e4ed9aafd639fdfab26e6fe3cd8c29 i386/httpd-2.0.51-2.9.i386.rpm

cd1ab7ce0fcc375de0d6db748babc753 i386/httpd-devel-2.0.51-2.9.i386.rpm

341a963e8ac8aba17c18eaebc7ac27c1 i386/httpd-manual-2.0.51-2.9.i386.rpm

f227c579f61c355c594f8e790695bcd8 i386/mod_ssl-2.0.51-2.9.i386.rpm

dc3be7afa997f09293b82caaae505f7b i386/debug/httpd-debuginfo-2.0.51-2.9.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.