---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-617
2007-06-27
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : httpd
Version     : 2.2.2
Release     : 1.3
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

---------------------------------------------------------------------
Update Information:

The Apache HTTP Server did not verify that a process was an
Apache child process before sending it signals. A local
attacker with the ability to run scripts on the Apache HTTP
Server could manipulate the scoreboard and cause arbitrary
processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on
Fedora if using the default SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status
module. On sites where the server-status page is publicly
accessible and ExtendedStatus is enabled this could lead to
a cross-site scripting attack. On Fedora the server-status
page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module.
On sites where caching is enabled, a remote attacker could
send a carefully crafted request that would cause the Apache
child process handling that request to crash. This could
lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

---------------------------------------------------------------------
* Tue Jun 26 2007 Joe Orton <jorton@xxxxxxxxxx> 2.2.2-1.3
- add security fixes for CVE-2006-5752, CVE-2007-1863
  and CVE-2007-3304 (#244660)

* Wed Jul 26 2006 Joe Orton <jorton@xxxxxxxxxx> 2.2.2-1.2
- add mod_rewrite security fix (CVE-2006-3747)

* Wed Jul 19 2006 Joe Orton <jorton@xxxxxxxxxx> 2.2.2-1.1
- fix segfault on dummy connection failure at graceful restart (#199429)

* Thu May 11 2006 Joe Orton <jorton@xxxxxxxxxx> 2.2.2-1.0
- update to 2.2.2

* Thu Apr  6 2006 Joe Orton <jorton@xxxxxxxxxx> 2.2.0-5.2
- fix LDAP issues on 64-bit platforms (#188073)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/

This update can be installed with the 'yum' update program.  Use
'yum update package-name' at the command line.  For more
information, refer to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
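
A configuration check for the mod_status condition described under Update Information (server-status publicly accessible while ExtendedStatus is enabled). This is an added example, not part of the Fedora advisory or the httpd package. The function names and sample configurations are constructed, and it assumes Apache 2.2 Order/Allow/Deny access control inside plain <Location> blocks, ignoring authentication directives and inherited settings.

```python
import re

# Constructed sample configuration (Apache 2.2 syntax), not taken from the advisory.
EXPOSED = """\
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Allow from all
</Location>
"""
RESTRICTED = EXPOSED.replace("Allow from all", "Deny from all\n    Allow from 127.0.0.1")

def is_public(block):
    """Apply Apache 2.2 Order/Allow/Deny semantics to one <Location> body."""
    order, allows, denies = "deny,allow", set(), set()  # 2.2 default order
    for line in block.splitlines():
        words = line.lower().split()
        if words[:1] == ["order"]:
            order = "".join(words[1:])
        elif words[:2] == ["allow", "from"]:
            allows.update(words[2:])
        elif words[:2] == ["deny", "from"]:
            denies.update(words[2:])
    if order == "allow,deny":  # default is deny, and a matching Deny wins
        return "all" in allows and "all" not in denies
    return "all" not in denies or "all" in allows  # default allow, Allow wins

def audit(conf):
    """Return the paths of world-reachable server-status handlers when
    ExtendedStatus is On (the precondition named for CVE-2006-5752), else []."""
    active = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    if not re.search(r"(?im)^\s*ExtendedStatus\s+On\b", active):
        return []
    blocks = re.findall(r'(?is)<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', active)
    return [path for path, body in blocks
            if re.search(r"(?im)^\s*SetHandler\s+server-status\b", body)
            and is_public(body)]

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("RESTRICTED", RESTRICTED)):
        print(name, audit(conf) or "ok")
```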