- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2007:0662-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0662.html
Issue date:        2007-07-13
Updated on:        2007-07-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3304 
- ---------------------------------------------------------------------1. Summary:

Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular Web server. 

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service.  (CVE-2007-3304).

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct this issue. Users should restart Apache
after installing this update.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245111 - CVE-2007-3304 httpd scoreboard lack of PID protection

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
04de0fb255872ee653842ca34316ad31  httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7  httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d  httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935  httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f  mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20  httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16  httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48  httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d  mod_ssl-2.0.46-68.ent.ia64.rpm

ppc:
42f51fe41d491ace05c74ca17d78fe46  httpd-2.0.46-68.ent.ppc.rpm
c0ec46f9857bdc714e8f966e15897a37  httpd-debuginfo-2.0.46-68.ent.ppc.rpm
a09210d5c9e0912f6299ad1c5f4c0bec  httpd-devel-2.0.46-68.ent.ppc.rpm
0e4dfbe87cabee593054d7ca4627073b  mod_ssl-2.0.46-68.ent.ppc.rpm

s390:
558efe236ba18cf1cebe60bfc9a356f9  httpd-2.0.46-68.ent.s390.rpm
a1ed197ac28cabc678b0b232fedba518  httpd-debuginfo-2.0.46-68.ent.s390.rpm
a908d0d57a07d7e574c8aeda7e0dc8d1  httpd-devel-2.0.46-68.ent.s390.rpm
b8b21f7acd5fd8e277d0b2261dbba9d1  mod_ssl-2.0.46-68.ent.s390.rpm

s390x:
988d27fe858348482b019927bc5db50a  httpd-2.0.46-68.ent.s390x.rpm
f8f60b0a404a7121b53c06770444aea8  httpd-debuginfo-2.0.46-68.ent.s390x.rpm
0dadb504ce4aea5a65e97530d91f01f4  httpd-devel-2.0.46-68.ent.s390x.rpm
5f64f5d1510bff857dbd6e2e2a1ec221  mod_ssl-2.0.46-68.ent.s390x.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a  httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5  httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b  httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e  mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
04de0fb255872ee653842ca34316ad31  httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7  httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d  httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935  httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f  mod_ssl-2.0.46-68.ent.i386.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a  httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5  httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b  httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e  mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
04de0fb255872ee653842ca34316ad31  httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7  httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d  httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935  httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f  mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20  httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16  httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48  httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d  mod_ssl-2.0.46-68.ent.ia64.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a  httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5  httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b  httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e  mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
04de0fb255872ee653842ca34316ad31  httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7  httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d  httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935  httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f  mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20  httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16  httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48  httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d  mod_ssl-2.0.46-68.ent.ia64.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a  httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5  httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b  httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e  mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
98d72890a6b6ca504b3a4117b39a9cb8  httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942  httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb  httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24  httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166  httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba  httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27  mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a  httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a  httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105  httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28  httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484  httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d  mod_ssl-2.0.52-32.3.ent.ia64.rpm

ppc:
cb7e74df0b687d41515c00aa6c2f7f20  httpd-2.0.52-32.3.ent.ppc.rpm
be4924f953a80558ad60969382414d2b  httpd-debuginfo-2.0.52-32.3.ent.ppc.rpm
46d384d93a7001f25c11f934d25afdbe  httpd-devel-2.0.52-32.3.ent.ppc.rpm
6473cc4f012c92370f94b14c461c5939  httpd-manual-2.0.52-32.3.ent.ppc.rpm
95257fffaee90696acc675000f2534cd  httpd-suexec-2.0.52-32.3.ent.ppc.rpm
82e75075008ad95c8069354f968bf4ec  mod_ssl-2.0.52-32.3.ent.ppc.rpm

s390:
304dae15da3cb2f2b1a88bca696ab205  httpd-2.0.52-32.3.ent.s390.rpm
71eced2b9f805c347c3103a0d3062c7f  httpd-debuginfo-2.0.52-32.3.ent.s390.rpm
ce3b6afc7f6f6d55fe72fa70141c4204  httpd-devel-2.0.52-32.3.ent.s390.rpm
27ce295c7088caeb41a9431653c0e778  httpd-manual-2.0.52-32.3.ent.s390.rpm
55c10fb0b5242f499300f793fb17f650  httpd-suexec-2.0.52-32.3.ent.s390.rpm
df04d6a0aa1b49e02fb72030cd3d538c  mod_ssl-2.0.52-32.3.ent.s390.rpm

s390x:
5581919570c0644978581fab6fa5ed12  httpd-2.0.52-32.3.ent.s390x.rpm
26d74722b0622e9862115111a72e77e2  httpd-debuginfo-2.0.52-32.3.ent.s390x.rpm
e33cf6da4e4a25d4ebe58f73d39be7fa  httpd-devel-2.0.52-32.3.ent.s390x.rpm
f8692011da91875de1195449c7fce3b8  httpd-manual-2.0.52-32.3.ent.s390x.rpm
edca1601a6d67a4c586d674f384a8742  httpd-suexec-2.0.52-32.3.ent.s390x.rpm
92f65dcb29479c9c10eb8aeaaef6e900  mod_ssl-2.0.52-32.3.ent.s390x.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af  httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376  httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae  httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9  httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224  httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c  mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
98d72890a6b6ca504b3a4117b39a9cb8  httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942  httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb  httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24  httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166  httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba  httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27  mod_ssl-2.0.52-32.3.ent.i386.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af  httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376  httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae  httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9  httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224  httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c  mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
98d72890a6b6ca504b3a4117b39a9cb8  httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942  httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb  httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24  httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166  httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba  httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27  mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a  httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a  httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105  httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28  httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484  httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d  mod_ssl-2.0.52-32.3.ent.ia64.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af  httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376  httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae  httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9  httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224  httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c  mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
98d72890a6b6ca504b3a4117b39a9cb8  httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942  httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb  httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24  httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166  httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba  httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27  mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a  httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a  httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105  httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28  httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484  httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d  mod_ssl-2.0.52-32.3.ent.ia64.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af  httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376  httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae  httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9  httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224  httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c  mod_ssl-2.0.52-32.3.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.