Fedora Core 4 Update: httpd-2.0.54-10.2 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

How strictly do your users obey your security policies?

	To the letter.
	For the most part.
	When it suits them.
	By chance.
	Not at all.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Security Week: December 1st, 2008

Linux Advisory Watch: November 28th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 4 Update: httpd-2.0.54-10.2

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

This update includes two security fixes. An issue was discovered in mod_ssl where "SSLVerifyClient require" would not be honoured in location context if the virtual host had "SSLVerifyClient optional" configured (CAN-2005-2700).

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-849
2005-09-07
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : httpd
Version     : 2.0.54                      
Release     : 10.2                  
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

This update includes two security fixes. An issue was
discovered in mod_ssl where "SSLVerifyClient require" would
not be honoured in location context if the virtual host had
"SSLVerifyClient optional" configured (CAN-2005-2700). An
issue was discovered in memory consumption of the byterange
filter for dynamic resources such as PHP or CGI script
(CAN-2005-2728).
---------------------------------------------------------------------
* Fri Sep  2 2005 Joe Orton  2.0.54-10.2
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)
- add fix for dummy connection handling (#167425)
- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc)
- mod_ssl: add fix for handling non-blocking reads


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

de712a893989b4a89a96f3239ffe9359  SRPMS/httpd-2.0.54-10.2.src.rpm
f5c47d9a1fd604a9c9f27cb52b687134  ppc/httpd-2.0.54-10.2.ppc.rpm
3fe32aacb961746f97cb239580645542  ppc/httpd-devel-2.0.54-10.2.ppc.rpm
0231bd287c86eee34823bd5de7309840  ppc/httpd-manual-2.0.54-10.2.ppc.rpm
89fc732f2caae3ec8c4fca897a57f28c  ppc/mod_ssl-2.0.54-10.2.ppc.rpm
9185b402e4ebf58c362557d08f1e1e56  ppc/debug/httpd-debuginfo-2.0.54-10.2.ppc.rpm
5597e26e50c206b6292fb6a481264074  x86_64/httpd-2.0.54-10.2.x86_64.rpm
e0cdb0d7c15b7882e7f446e120e8f20e  x86_64/httpd-devel-2.0.54-10.2.x86_64.rpm
26dcb24b83a0528202dfe6ca343a3909  x86_64/httpd-manual-2.0.54-10.2.x86_64.rpm
5c01b4d973491f2be019bfb526199142  x86_64/mod_ssl-2.0.54-10.2.x86_64.rpm
4284f8fe2b0c85c36a87c8cd0c05f1a4  x86_64/debug/httpd-debuginfo-2.0.54-10.2.x86_64.rpm
8e1b97f27ce4a41eb7eb01c15d8eab81  i386/httpd-2.0.54-10.2.i386.rpm
9e32079613629b690beb02e91120998b  i386/httpd-devel-2.0.54-10.2.i386.rpm
04bad4ac9e45412e658d82d7af66fafc  i386/httpd-manual-2.0.54-10.2.i386.rpm
cbe81b8781314a53962ac1b84ebc7349  i386/mod_ssl-2.0.54-10.2.i386.rpm
7b0f8b83a6f021702135942aa6159a98  i386/debug/httpd-debuginfo-2.0.54-10.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

< Prev		Next >

Partner:

Latest Features

A Secure Nagios Server

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Yesterday's Edition

Data Encryption and Ubuntu

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital