--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2004-2068 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2068 2004-10-02 --------------------------------------------------------------------- Name : httpd Versions : 9: 2.0.40-21.15.legacy, fc1: httpd-2.0.51-1.3.legacy Summary : The httpd Web server Description : This package contains a powerful, full-featured, efficient, and freely-available Web server based on work done by the Apache Software Foundation. It is also the most popular Web server on the Internet. --------------------------------------------------------------------- Update Information: Problems that apply to Red Hat Linux 9 only: A stack buffer overflow was discovered in mod_ssl that could be triggered if using the FakeBasicAuth option. If mod_ssl was sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow occured if FakeBasicAuth had been enabled. In order to exploit this issue the carefully crafted malicious certificate would have had to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0488 to this issue. A remotely triggered memory leak in the Apache HTTP Server earlier than version 2.0.50 was also discovered. This allowed a remote attacker to perform a denial of service attack against the server by forcing it to consume large amounts of memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0493 to this issue. Problems that apply to Fedora Core 1 only: Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. This issue is not believed to allow arbitrary code execution on Red Hat Enterprise Linux. This issue also does not represent a significant denial of service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue. An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0748 to this issue. Note that these packages do also contain the fix for a regression in Satisfy handling in the 2.0.51 release (CAN-2004-0811). Problems that apply to both Red Hat Linux 9 and Fedora Core 1: The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain 'apache' privileges if an httpd process can be forced to parse a carefully crafted .htaccess file written by a local user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0747 to this issue. An issue was discovered in the mod_ssl module which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue is not believed to allow execution of arbitrary code. This issue also does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0751 to this issue. An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK requests. This issue does not allow execution of arbitrary code. This issue also does not represent a significant Denial of Service attack as requests will continue to be handled by other Apache child processes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0809 to this issue. --------------------------------------------------------------------- 9 changelog: * Sat Oct 02 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.40-21.15.legacy - added missing autoconf, libtool, zlib-devel, gdbm-devel BuildPrereq * Thu Sep 16 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.40-21.14.legacy - add security fixes for CVE CAN-2004-0747, CAN-2004-0751, CAN-2004-0809 * Fri Jul 02 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.40-21.13.legacy - add security fix for CVE CAN-2004-0493 * Wed Jun 02 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.40-21.12.legacy - add security fix for CVE CAN-2004-0488 fc1 changelog: * Sat Oct 02 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.51-1.3.legacy - added missing autoconf, libtool, zlib-devel, gdbm-devel BuildPrereq * Fri Sep 24 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.0.51-1.2.legacy - fix 2.0.51 regression in Satisfy merging (CAN-2004-0811) - ap_rgetline_core fix from Rici Lake * Wed Sep 15 2004 Joe Orton <jorton@xxxxxxxxxx> 2.0.51-1.1 - update to 2.0.51, including security fixes for: * core: CAN-2004-0747 * mod_dav_fs: CAN-2004-0809 * mod_ssl: CAN-2004-0751, CAN-2004-0748 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 61997e8996a1b23033ae454de71a9e91b055d1a8 redhat/9/updates-testing/i386/httpd-2.0.40-21.15.legacy.i386.rpm cf9f084087b218e92a0bfab70b3a609ab1d5000e redhat/9/updates-testing/i386/httpd-devel-2.0.40-21.15.legacy.i386.rpm d066d847375e027c357b4d5d63da29e1b586c4eb redhat/9/updates-testing/i386/httpd-manual-2.0.40-21.15.legacy.i386.rpm 8f33bda286bf7ffd5bf3d50a7a31a0e90fa5b9ee redhat/9/updates-testing/i386/mod_ssl-2.0.40-21.15.legacy.i386.rpm 5937d27e764a0175af86f7e9932a8eca2c959641 redhat/9/updates-testing/SRPMS/httpd-2.0.40-21.15.legacy.src.rpm facbb28a24a911ab3cfadc94a1ce13b50b15ceff fedora/1/updates-testing/i386/httpd-2.0.51-1.3.legacy.i386.rpm 9738f329a9e5648a3cde3f6a91573d56d29ffd44 fedora/1/updates-testing/i386/httpd-devel-2.0.51-1.3.legacy.i386.rpm ec6918ffb15517a85de6447e2b272a9d1afc3fd3 fedora/1/updates-testing/i386/httpd-manual-2.0.51-1.3.legacy.i386.rpm 777911d1c311c84e0df4aa4589a47a327c63b125 fedora/1/updates-testing/i386/mod_ssl-2.0.51-1.3.legacy.i386.rpm 6e224a7fcca8e6fc383022dcc092b930352b4e1c fedora/1/updates-testing/SRPMS/httpd-2.0.51-1.3.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
