--------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2005-848 2005-09-06 --------------------------------------------------------------------- Product : Fedora Core 3 Name : httpd Version : 2.0.53 Release : 3.3 Summary : Apache HTTP Server Description : Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. --------------------------------------------------------------------- Update Information: This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700). An issue was discovered in memory consumption of the byterange filter for dynamic resources such as PHP or CGI script (CAN-2005-2728). --------------------------------------------------------------------- * Fri Sep 2 2005 Joe Orton <jorton@xxxxxxxxxx> 2.0.53-3.3 - mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700) - add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/ a292da621297efb81c961aebf09a7e95 SRPMS/httpd-2.0.53-3.3.src.rpm c6180d5fd66cc9789efe41624ea6bc0c x86_64/httpd-2.0.53-3.3.x86_64.rpm ea77ffe86d050f162b9b6cfbd671e67a x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm 53c0f17ee9a492da26d5ebe04c0ee39a x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm 074f826908e7c4e37eaf1a938c20e2ab x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm dc31ec7eacbdc4d3ef46f66bd329ff05 x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm 0954c40bfea0d6111cdfa2596c3b0ba4 x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm 098a9f51210a0506510291377e5573ef i386/httpd-2.0.53-3.3.i386.rpm cd839b3140797166a18b238d3f1a187b i386/httpd-devel-2.0.53-3.3.i386.rpm 6286fb06b13f0a803c1ddda6822c3e07 i386/httpd-manual-2.0.53-3.3.i386.rpm 1051d4870c7d55528284b1a7786dfc1e i386/mod_ssl-2.0.53-3.3.i386.rpm a48d02c57d1d5482d98e9b79668b934c i386/httpd-suexec-2.0.53-3.3.i386.rpm 1368036e846311135df598f150708d11 i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. You may need to edit your up2date channels configuration. Within /etc/sysconfig/rhn/sources enable the following line: yum updates-testing http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/$ARCH --------------------------------------------------------------------- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-test-list