---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2148
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2148
2004-11-17
---------------------------------------------------------------------

Name        : httpd, apache and mod_ssl
Versions    : 7.3: apache-1.3.27-6.legacy, mod_ssl-2.8.12-7.legacy
Versions    : 9: httpd-2.0.40-21.17.legacy
Versions    : fc1: httpd-2.0.51-1.6.legacy
Summary     : The httpd Web server
Description :
This package contains a powerful, full-featured, efficient, and
freely-available Web server based on work done by the Apache Software
Foundation. It is also the most popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

An issue has been discovered in the mod_ssl module when configured to
use the "SSLCipherSuite" directive in directory or location context. If
a particular location context has been configured to require a specific
set of cipher suites, then a client will be able to access that location
using any cipher suite allowed by the virtual host configuration. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0885 to this issue.

Problems that apply to Red Hat Linux 7.3 only:

A buffer overflow in mod_include could allow a local user who is
authorised to create server side include (SSI) files to gain the
privileges of a httpd child. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0940 to this
issue.

Problems that apply to Red Hat Linux 9 and Fedora Core 1 only:

An issue has been discovered in the handling of white space in request
header lines using MIME folding. A malicious client could send a
carefully crafted request, forcing the server to consume large amounts
of memory, leading to a denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0942 to this issue.

---------------------------------------------------------------------
Changelogs

rh73:

apache-1.3.27-6.legacy:
* Thu Nov 04 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.3.27-6.legacy
- add patch for CAN-2004-0940 (FL bug #2148)

mod_ssl-2.8.12-7.legacy:
* Fri Nov 05 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.8.12-7.legacy
- add patch for CAN-2004-0885 (FL bug #2148)

rh9:
* Thu Nov 04 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.0.40-21.17.legacy
- add patches for CAN-2004-0885, CAN-2004-0942 (FL bug #2148)

fc1:
* Fri Nov 05 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.0.51-1.6.legacy
- add patch for CAN-2004-0942 (FL bug #2148)
* Thu Oct 21 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 2.0.51-1.5.legacy
- add patch for CAN-2004-0885 (FL bug #2148)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

---------------------------------------------------------------------

Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
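
An added example, not part of the advisory or of the Fedora Legacy packages: a small Python audit that lists every SSLCipherSuite set in directory or location context together with the cipher suite of the enclosing virtual host, which are the places where CAN-2004-0885 matters until the updated mod_ssl is installed. The sample configuration is constructed, and the function name and the fields of each finding are hypothetical.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    <Location /strong>
        SSLCipherSuite HIGH
    </Location>
    SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+LOW
    <Directory "/var/www/html/private">
        # SSLCipherSuite LOW
        SSLCipherSuite HIGH:MEDIUM
    </Directory>
</VirtualHost>
"""

# Containers that put a directive into directory/location context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch", "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"<\s*/\s*\w+\s*>$")

def find_per_location_ciphers(conf_text):
    """List SSLCipherSuite directives set in directory/location context (hypothetical helper)."""
    stack = []        # open containers as (name, argument, opening line)
    vhost_suite = {}  # vhost opening line (None = main server) -> cipher string
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            del stack[-1:]  # leave innermost container; no-op if unbalanced
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip('"'), lineno))
            continue
        parts = line.split(None, 1)
        if parts[0].lower() != "sslciphersuite" or len(parts) < 2:
            continue
        vhost = next((ln for name, _, ln in stack if name == "virtualhost"), None)
        scoped = [(name, arg) for name, arg, _ in stack if name in PER_DIR]
        if scoped:
            hits.append({"line": lineno, "context": scoped[-1], "suite": parts[1], "vhost": vhost})
        else:
            vhost_suite[vhost] = parts[1]
    # Resolve last: the vhost-level directive may follow the container in the file.
    for h in hits:
        h["vhost_suite"] = vhost_suite.get(h.pop("vhost"), vhost_suite.get(None))
    return hits
```

The function reads only the text it is given, so files pulled in with Include and any .htaccess files have to be passed to it separately.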