Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 24 Aug 2015 21:22:32 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Moderate: httpd on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20150824212232.14882.31610@slpackages.fnal.gov> Synopsis: Moderate: httpd security update Advisory ID: SLSA-2015:1668-1 Issue Date: 2015-08-24 CVE Numbers: CVE-2015-3183 -- Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183) After installing the updated packages, the httpd service will be restarted automatically. -- SL6 x86_64 httpd-2.2.15-47.sl6.x86_64.rpm httpd-debuginfo-2.2.15-47.sl6.x86_64.rpm httpd-tools-2.2.15-47.sl6.x86_64.rpm httpd-debuginfo-2.2.15-47.sl6.i686.rpm httpd-devel-2.2.15-47.sl6.i686.rpm httpd-devel-2.2.15-47.sl6.x86_64.rpm mod_ssl-2.2.15-47.sl6.x86_64.rpm i386 httpd-2.2.15-47.sl6.i686.rpm httpd-debuginfo-2.2.15-47.sl6.i686.rpm httpd-tools-2.2.15-47.sl6.i686.rpm httpd-devel-2.2.15-47.sl6.i686.rpm mod_ssl-2.2.15-47.sl6.i686.rpm noarch httpd-manual-2.2.15-47.sl6.noarch.rpm - Scientific Linux Development Team