Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.
Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from an HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)
All httpd users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd service will be restarted automatically.
https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/updates/classification/#moderate
Red Hat Enterprise Linux Desktop (v. 6):
Source:
httpd-2.2.15-47.el6_7.src.rpm
i386:
httpd-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-tools-2.2.15-47.el6_7.i686.rpm
x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
mod_ssl-2.2.15-47.el6_7.i686.rpm
noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm
x86_64:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
httpd-2.2.15-47.el6_7.src.rpm
x86_64:
httpd-2.2.15-47.el6_7.x86_64.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-tools-2.2.15-47.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch:
httpd-manual-2.2.15-47.el6_7.noarch.rpm
x86_64:
httpd-debuginfo-2.2.15-47.el6_7.i686.rpm
httpd-debuginfo-2.2.15-47.el6_7.x86_64.rpm
httpd-devel-2.2.15-47.el6_7.i686.rpm
httpd-devel-2.2.15-47.el6_7.x86_64.rpm
mod_ssl-2.2.15-47.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
Read the Full Advisory
Updated httpd packages that fix one security issue are now available forRed Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having Moderate securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser
Get the latest Linux and open source security news straight to your inbox.