Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat: RHSA-2007:0557-01 Moderate: Apache httpd XSS and DoS

red hat
Calendar Grey July 13, 2007
Dist Redhat Esm H88
An essential patch for Nginx resolves multiple security flaws, vital for the integrity of the CentOS Web Stack.
Updated Apache httpd packages that correct two security issues are now available for Red Hat Application Stack. A flaw was found in the Apache HTTP Server mod_status module

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

244658 - CVE-2007-1863 httpd mod_cache segfault 245112 - CVE-2006-5752 httpd mod_status XSS

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS: ba3642a4c124090b5e7ea8a90294fa23 httpd-2.0.59-1.el4s1.7.src.rpm

i386: 44e247bfcdceaaa6e59009925d13129d httpd-2.0.59-1.el4s1.7.i386.rpm a4bbcf0b9e6f5649942347d5fb4f41ab httpd-debuginfo-2.0.59-1.el4s1.7.i386.rpm 486ef1d5da37f178eedea70abd82a4f5 httpd-devel-2.0.59-1.el4s1.7.i386.rpm 33389202046b9651e3a35da1bc0091d9 httpd-manual-2.0.59-1.el4s1.7.i386.rpm beae81006d90d0187e31275030051a73 mod_ssl-2.0.59-1.el4s1.7.i386.rpm

x86_64: b78c01f55bdecc83ed40084eae41e5f3 httpd-2.0.59-1.el4s1.7.x86_64.rpm 389b87bb05f5cde1141297a309676a20 httpd-debuginfo-2.0.59-1.el4s1.7.x86_64.rpm 2968024dee972275e73da19815030cc5 httpd-devel-2.0.59-1.el4s1.7.x86_64.rpm 405428ee9039e797350cbbca2dfbd6fb httpd-manual-2.0.59-1.el4s1.7.x86_64.rpm a1a9fbe7e8e4ec4082b47320a520091f mod_ssl-2.0.59-1.el4s1.7.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS: ba3642a4c124090b5e7ea8a90294fa23 httpd-2.0.59-1.el4s1.7.src.rpm

i386: 44e247bfcdceaaa6e59009925d13129d httpd-2.0.59-1.el4s1.7.i386.rpm a4bbcf0b9e6f5649942347d5fb4f41ab httpd-debuginfo-2.0.59-1.el4s1.7.i386.rpm 486ef1d5da37f178eedea70abd82a4f5 httpd-devel-2.0.59-1.el4s1.7.i386.rpm 33389202046b9651e3a35da1bc0091d9 httpd-manual-2.0.59-1.el4s1.7.i386.rpm beae81006d90d0187e31275030051a73 mod_ssl-2.0.59-1.el4s1.7.i386.rpm

x86_64: b78c01f55bdecc83ed40084eae41e5f3 httpd-2.0.59-1.el4s1.7.x86_64.rpm 389b87bb05f5cde1141297a309676a20 httpd-debuginfo-2.0.59-1.el4s1.7.x86_64.rpm 2968024dee972275e73da19815030cc5 httpd-devel-2.0.59-1.el4s1.7.x86_64.rpm 405428ee9039e797350cbbca2dfbd6fb httpd-manual-2.0.59-1.el4s1.7.x86_64.rpm a1a9fbe7e8e4ec4082b47320a520091f mod_ssl-2.0.59-1.el4s1.7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2006-5752 https://www.cve.org/CVERecord?id=CVE-2007-1863 https://www.cve.org/CVERecord?id=CVE-2007-3304 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2007:0557-01
Issue date: 2007-07-13
Updated on: 2007-07-13
Product: Red Hat Application Stack

Topic

Relevant Releases Architectures

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64

Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here