- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2007:0911-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0911.html
Issue date:        2007-10-25
Updated on:        2007-10-25
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-3847 CVE-2007-4465 
- ---------------------------------------------------------------------1. Summary:

Updated httpd packages that fix two security issues are now available for
Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
Red Hat Application Stack v2 for Enterprise Linux (v.5)  	 - i386, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module.  On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)

Users of httpd should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

250731 - CVE-2007-3847 httpd out of bounds read
289511 - CVE-2007-4465 mod_autoindex XSS

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
b22d942398339ba1cc053714f1245559  httpd-2.0.59-1.el4s1.8.src.rpm

i386:
23b907a015f7b4968a0f2ebe68ddb9bb  httpd-2.0.59-1.el4s1.8.i386.rpm
dfe9025cfcb1e3f5ee617481267281ac  httpd-debuginfo-2.0.59-1.el4s1.8.i386.rpm
d29093f7086e36831697065af1ace33b  httpd-devel-2.0.59-1.el4s1.8.i386.rpm
d7e801938aa2ade0ec8b6de4e38a4191  httpd-manual-2.0.59-1.el4s1.8.i386.rpm
2364d43a57752986156c38a2b2cf1a4d  mod_ssl-2.0.59-1.el4s1.8.i386.rpm

x86_64:
2692e4c6b432a195b05fabf7c479af69  httpd-2.0.59-1.el4s1.8.x86_64.rpm
2e57ee08b75d10fa8a560658b57504b5  httpd-debuginfo-2.0.59-1.el4s1.8.x86_64.rpm
8f71efc4adbb9d16a8d6575097d54ef1  httpd-devel-2.0.59-1.el4s1.8.x86_64.rpm
e5f1af974d7203f476c6592f02f9a640  httpd-manual-2.0.59-1.el4s1.8.x86_64.rpm
e99210762a5307b09fff744537ffe14d  mod_ssl-2.0.59-1.el4s1.8.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
b22d942398339ba1cc053714f1245559  httpd-2.0.59-1.el4s1.8.src.rpm

i386:
23b907a015f7b4968a0f2ebe68ddb9bb  httpd-2.0.59-1.el4s1.8.i386.rpm
dfe9025cfcb1e3f5ee617481267281ac  httpd-debuginfo-2.0.59-1.el4s1.8.i386.rpm
d29093f7086e36831697065af1ace33b  httpd-devel-2.0.59-1.el4s1.8.i386.rpm
d7e801938aa2ade0ec8b6de4e38a4191  httpd-manual-2.0.59-1.el4s1.8.i386.rpm
2364d43a57752986156c38a2b2cf1a4d  mod_ssl-2.0.59-1.el4s1.8.i386.rpm

x86_64:
2692e4c6b432a195b05fabf7c479af69  httpd-2.0.59-1.el4s1.8.x86_64.rpm
2e57ee08b75d10fa8a560658b57504b5  httpd-debuginfo-2.0.59-1.el4s1.8.x86_64.rpm
8f71efc4adbb9d16a8d6575097d54ef1  httpd-devel-2.0.59-1.el4s1.8.x86_64.rpm
e5f1af974d7203f476c6592f02f9a640  httpd-manual-2.0.59-1.el4s1.8.x86_64.rpm
e99210762a5307b09fff744537ffe14d  mod_ssl-2.0.59-1.el4s1.8.x86_64.rpm

Red Hat Application Stack v2 for Enterprise Linux (v.5)  	:

SRPMS:
5b24a23198e69394837c1bffc9a092bd  httpd-2.2.4-7.el5s2.src.rpm

i386:
e24b96db9a4fa7e549685674cf7712fe  httpd-2.2.4-7.el5s2.i386.rpm
a865d1e5d2c8c3ddfc231559d1f29f59  httpd-debuginfo-2.2.4-7.el5s2.i386.rpm
5f28a8daf0d46d53f4d32fe9e4203da9  httpd-devel-2.2.4-7.el5s2.i386.rpm
5d5a7bb9acc85554a9fc43a3fe91a97d  httpd-manual-2.2.4-7.el5s2.i386.rpm
a90655c1d69d20a46b81f3ee491a6b36  mod_ssl-2.2.4-7.el5s2.i386.rpm

x86_64:
7702abea501f3817ebf45787656acfd9  httpd-2.2.4-7.el5s2.x86_64.rpm
a865d1e5d2c8c3ddfc231559d1f29f59  httpd-debuginfo-2.2.4-7.el5s2.i386.rpm
1947e49d5aa632c97b17c5ab7e7239b7  httpd-debuginfo-2.2.4-7.el5s2.x86_64.rpm
5f28a8daf0d46d53f4d32fe9e4203da9  httpd-devel-2.2.4-7.el5s2.i386.rpm
bb87b357ca2f0f85dfa2d10fafc80f24  httpd-devel-2.2.4-7.el5s2.x86_64.rpm
2f8bdb1f247c766e46070718e2332144  httpd-manual-2.2.4-7.el5s2.x86_64.rpm
3bde4cb28d3a52c34083fea4225870c1  mod_ssl-2.2.4-7.el5s2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.