---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-615
2007-06-27
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : httpd
Version     : 2.2.4
Release     : 2.1.fc6
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible web server.

---------------------------------------------------------------------
Update Information:

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated, which could lead to a denial of service
(CVE-2007-3304). This issue is not exploitable on Fedora if using the default
SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status module. On sites where
the server-status page is publicly accessible and ExtendedStatus is enabled,
this could lead to a cross-site scripting attack. On Fedora the server-status
page is not enabled by default, and it is best practice not to make it
publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted request
that would cause the Apache child process handling that request to crash.
This could lead to a denial of service if using a threaded Multi-Processing
Module. (CVE-2007-1863)

A bug was found in the mod_mem_cache module. On sites where caching is
enabled using this module, an information leak could occur which revealed
portions of sensitive memory to remote users. (CVE-2007-1862)

---------------------------------------------------------------------
* Tue Jun 26 2007 Joe Orton <jorton@xxxxxxxxxx> 2.2.4-2.1.fc6
- add security fixes for CVE-2006-5752, CVE-2007-1862, CVE-2007-1863,
  CVE-2007-3304 (#244660)

* Fri Apr 27 2007 Joe Orton <jorton@xxxxxxxxxx> 2.2.4-2.fc6
- fix loading 2.2.4 DSOs with 2.2.3 httpd (#238045)
- mark httpd.conf noreplace
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

This update can be installed with the 'yum' update program. Use
'yum update package-name' at the command line. For more information,
refer to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
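As an added illustration of the mod_status condition described under Update Information (this is not part of the advisory or of the httpd project): a small Python check that flags a server-status Location reachable without an access restriction, and notes separately when ExtendedStatus is also On. The two httpd.conf fragments are constructed, and the restriction test is a heuristic on directive names, not a full evaluation of httpd access control.

```python
import re

# Constructed httpd.conf fragments (not from the advisory): the exposed
# configuration the advisory warns about, and a restricted equivalent.
EXPOSED_CONF = """
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
</Location>
"""

RESTRICTED_CONF = """
ExtendedStatus Off
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

# Directives that restrict who may reach a location (httpd 2.2 Order/Deny
# syntax and the 2.4 Require syntax). Heuristic: their presence is treated
# as a restriction; the full access-control semantics are not evaluated.
RESTRICT_RE = re.compile(r"^(Deny\s+from|Require\s+(?:ip|local|host)\b)", re.I)
LOCATION_RE = re.compile(r"<Location\s+([^\s>]+)\s*>(.*?)</Location>", re.I | re.S)

def location_blocks(conf):
    """Map each <Location> path to its non-comment directive lines."""
    blocks = {}
    for path, body in LOCATION_RE.findall(conf):
        lines = [l.strip() for l in body.splitlines()]
        blocks[path] = [l for l in lines if l and not l.startswith("#")]
    return blocks

def audit_server_status(conf):
    """Return findings for server-status locations that carry no access
    restriction, adding a second finding when ExtendedStatus is On."""
    findings = []
    extended = re.search(r"^\s*ExtendedStatus\s+On\b", conf, re.I | re.M) is not None
    for path, lines in location_blocks(conf).items():
        if not any(re.match(r"SetHandler\s+server-status\b", l, re.I) for l in lines):
            continue
        if any(RESTRICT_RE.match(l) for l in lines):
            continue
        findings.append(f"{path}: server-status exposed with no access restriction")
        if extended:
            findings.append(f"{path}: ExtendedStatus On widens exposure (CVE-2006-5752)")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit_server_status(conf) or ["no findings"])
```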