Stay Secure with the Latest Linux Advisories

security advisoryFedora Corememory issue

Fedora Core 4: 2005-849 Critical: Mod_ssl DoS and Memory Issues

This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700).. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-849 2005-09-07 ---------------------------------------------------------------------Product : Fedora Core 4 Name : httpd Version : 2.0.54 Release : 10.2 Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The Apache HTTP Server is also the most popular Web server on the Internet. ---------------------------------------------------------------------Update Information: This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700). An issue was discovered in memory consumption of the byterange filter for dynamic resources such as PHP or CGI script (CAN-2005-2728). ---------------------------------------------------------------------* Fri Sep 2 2005 Joe Orton 2.0.54-10.2 - mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700) - add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728) - add fix for dummy connection handling (#167425) - mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc) - mod_ssl: add fix for handling non-blocking reads ---------------------------------------------------------------------This update can be downloaded from: de712a893989b4a89a96f3239ffe9359 SRPMS/httpd-2.0.54-10.2.src.rpm f5c47d9a1fd604a9c9f27cb52b687134 ppc/httpd-2.0.54-10.2.ppc.rpm 3fe32aacb961746f97cb239580645542 ppc/httpd-devel-2.0.54-10.2.ppc.rpm 0231bd287c86eee34823bd5de7309840 ppc/httpd-manual-2.0.54-10.2.ppc.rpm 89fc732f2caae3ec8c4fca897a57f28c ppc/mod_ssl-2.0.54-10.2.ppc.rpm 9185b402e4ebf58c362557d08f1e1e56 ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm 5597e26e50c206b6292fb6a481264074 x86_64/httpd-2.0.54-10.2.x86_64.rpm e0cdb0d7c15b7882e7f446e120e8f20e x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm 26dcb24b83a0528202dfe6ca343a3909 x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm 5c01b4d973491f2be019bfb526199142 x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm 4284f8fe2b0c85c36a87c8cd0c05f1a4 x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm 8e1b97f27ce4a41eb7eb01c15d8eab81 i386/httpd-2.0.54-10.2.i386.rpm 9e32079613629b690beb02e91120998b i386/httpd-devel-2.0.54-10.2.i386.rpm 04bad4ac9e45412e658d82d7af66fafc i386/httpd-manual-2.0.54-10.2.i386.rpm cbe81b8781314a53962ac1b84ebc7349 i386/mod_ssl-2.0.54-10.2.i386.rpm 7b0f8b83a6f021702135942aa6159a98 i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ----------------------------------------------------------------------- fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A new release for Fedora Core 4 provides essential updates for the httpd Apache server, targeting vulnerabilities related to mod_ssl's security.. Fedora Core 4,httpd Security Fix,mod_ssl DoS,Apache Server Update. . Severity: Critical. LinuxSecurity.com Team

Sep 07, 2005 •Critical Fedora