Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Red Hat RHSA-2004:562-01 Critical: HTTPD DoS and SSL Issues

red hat
Calendar Grey November 12, 2004
Dist Redhat Esm H88
Revised nginx packages from CentOS tackle significant vulnerabilities and glitches related to encryption settings and resource usage.
Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

132593 - mod_dav_fs: indirect lock refresh broken on s390x 134825 - CAN-2004-0885 SSLCipherSuite bypass 138064 - CAN-2004-0942 Memory consumption DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

118f06e0317eb7d5735990049199b354 httpd-2.0.46-44.ent.src.rpm

i386: 07294bc2ae372ae2c033f6c97a425371 httpd-2.0.46-44.ent.i386.rpm f97f7661878d345e35e49ee5b903ee97 httpd-devel-2.0.46-44.ent.i386.rpm 7ff1d8de6d421d62b5f7c35df785304e mod_ssl-2.0.46-44.ent.i386.rpm

ia64: 731331f101efda7820988a76265d5b29 httpd-2.0.46-44.ent.ia64.rpm 95451f6b0aaffbccffb8e77c88d36cc1 httpd-devel-2.0.46-44.ent.ia64.rpm badd71a4a010b5b96d854de8b4ab14c5 mod_ssl-2.0.46-44.ent.ia64.rpm

ppc: d399d5cbffd283d3e155a2e301542e6f httpd-2.0.46-44.ent.ppc.rpm ded92081a835c8e53ccbf6e8f47f244d httpd-devel-2.0.46-44.ent.ppc.rpm 4a2a5d60a34a09550910738fde57f518 mod_ssl-2.0.46-44.ent.ppc.rpm

s390: 806ff06977f721712068a621c3981f7c httpd-2.0.46-44.ent.s390.rpm 5912d5b3eb7d18071825ef4bfe3b139b httpd-devel-2.0.46-44.ent.s390.rpm 6d2866cab66c09694ba6c98b39d3e52b mod_ssl-2.0.46-44.ent.s390.rpm

s390x: 17bd982545f3e25953a4d3aff7d9ea22 httpd-2.0.46-44.ent.s390x.rpm 2299bd3c8d7a0a5ab525840fc453f1e1 httpd-devel-2.0.46-44.ent.s390x.rpm 51cc33598d9d4559f0daf860396e5ae5 mod_ssl-2.0.46-44.ent.s390x.rpm

x86_64: 1b8bce6493ff433f4fe8361b897d841e httpd-2.0.46-44.ent.x86_64.rpm 7ce1eb8feef44ffdb30563484f214a61 httpd-devel-2.0.46-44.ent.x86_64.rpm fc576fed7de6149c17d5158e87ec600c mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

118f06e0317eb7d5735990049199b354 httpd-2.0.46-44.ent.src.rpm

i386: 07294bc2ae372ae2c033f6c97a425371 httpd-2.0.46-44.ent.i386.rpm f97f7661878d345e35e49ee5b903ee97 httpd-devel-2.0.46-44.ent.i386.rpm 7ff1d8de6d421d62b5f7c35df785304e mod_ssl-2.0.46-44.ent.i386.rpm

x86_64: 1b8bce6493ff433f4fe8361b897d841e httpd-2.0.46-44.ent.x86_64.rpm 7ce1eb8feef44ffdb30563484f214a61 httpd-devel-2.0.46-44.ent.x86_64.rpm fc576fed7de6149c17d5158e87ec600c mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

118f06e0317eb7d5735990049199b354 httpd-2.0.46-44.ent.src.rpm

i386: 07294bc2ae372ae2c033f6c97a425371 httpd-2.0.46-44.ent.i386.rpm f97f7661878d345e35e49ee5b903ee97 httpd-devel-2.0.46-44.ent.i386.rpm 7ff1d8de6d421d62b5f7c35df785304e mod_ssl-2.0.46-44.ent.i386.rpm

ia64: 731331f101efda7820988a76265d5b29 httpd-2.0.46-44.ent.ia64.rpm 95451f6b0aaffbccffb8e77c88d36cc1 httpd-devel-2.0.46-44.ent.ia64.rpm badd71a4a010b5b96d854de8b4ab14c5 mod_ssl-2.0.46-44.ent.ia64.rpm

x86_64: 1b8bce6493ff433f4fe8361b897d841e httpd-2.0.46-44.ent.x86_64.rpm 7ce1eb8feef44ffdb30563484f214a61 httpd-devel-2.0.46-44.ent.x86_64.rpm fc576fed7de6149c17d5158e87ec600c mod_ssl-2.0.46-44.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

118f06e0317eb7d5735990049199b354 httpd-2.0.46-44.ent.src.rpm

i386: 07294bc2ae372ae2c033f6c97a425371 httpd-2.0.46-44.ent.i386.rpm f97f7661878d345e35e49ee5b903ee97 httpd-devel-2.0.46-44.ent.i386.rpm 7ff1d8de6d421d62b5f7c35df785304e mod_ssl-2.0.46-44.ent.i386.rpm

ia64: 731331f101efda7820988a76265d5b29 httpd-2.0.46-44.ent.ia64.rpm 95451f6b0aaffbccffb8e77c88d36cc1 httpd-devel-2.0.46-44.ent.ia64.rpm badd71a4a010b5b96d854de8b4ab14c5 mod_ssl-2.0.46-44.ent.ia64.rpm

x86_64: 1b8bce6493ff433f4fe8361b897d841e httpd-2.0.46-44.ent.x86_64.rpm 7ce1eb8feef44ffdb30563484f214a61 httpd-devel-2.0.46-44.ent.x86_64.rpm fc576fed7de6149c17d5158e87ec600c mod_ssl-2.0.46-44.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from


Summary

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2004:562-01
Issue date: 2004-11-12
Updated on: 2004-11-12
Product: Red Hat Enterprise Linux

Topic

Updated httpd packages that include fixes for two security issues, as well asother bugs, are now available.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here