- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2006:0619-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0619.html
Issue date:        2006-08-10
Updated on:        2006-08-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-3918 
- ---------------------------------------------------------------------1. Summary:

Updated Apache httpd packages that correct security issues and resolve bugs
are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message.  This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header.  (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect
header by a third-party attacker, it was recently discovered that
certain versions of the Flash plugin can manipulate request headers.
If users running such versions can be persuaded to load a web page
with a malicious Flash applet, a cross-site scripting attack against
the server may be possible.

On Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in
the handling of malformed Expect headers, the page produced by the
cross-site scripting attack will only be returned after a timeout expires
(2-5 minutes by default) if not first canceled by the user.

Users of httpd should update to these erratum packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

200732 - CVE-2006-3918 Expect header XSS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
04cf2be7ea48113d24aad1d32b36ad0b  httpd-2.0.46-61.ent.src.rpm

i386:
d9bb6b02095ee31f3779a41ccf37e889  httpd-2.0.46-61.ent.i386.rpm
eae693185994488d65566a690a1e43b5  httpd-debuginfo-2.0.46-61.ent.i386.rpm
59adb3ab038e3bf0e799b1d246913b87  httpd-devel-2.0.46-61.ent.i386.rpm
8095700d500f6427d83e7e65010d91c5  mod_ssl-2.0.46-61.ent.i386.rpm

ia64:
66c25ecc5c74599ba3a7bb3f2fa9f4b8  httpd-2.0.46-61.ent.ia64.rpm
f8e037feaae5deef8418d5d7f276eae5  httpd-debuginfo-2.0.46-61.ent.ia64.rpm
c967c0497ef645d09805b432add9fac2  httpd-devel-2.0.46-61.ent.ia64.rpm
635c92aac642b85d9b49322c4fd09f39  mod_ssl-2.0.46-61.ent.ia64.rpm

ppc:
54e916bfdc60fdd36ff8e924f18fa165  httpd-2.0.46-61.ent.ppc.rpm
59e5b716afb5cc4968c445d4114b18e0  httpd-debuginfo-2.0.46-61.ent.ppc.rpm
acaaf4cbdca1df0cd1e781af286c8758  httpd-devel-2.0.46-61.ent.ppc.rpm
076c66ddc29fc5d97fc9b33f744dda30  mod_ssl-2.0.46-61.ent.ppc.rpm

s390:
631fd6776f5930a1a5346ef7b651a596  httpd-2.0.46-61.ent.s390.rpm
c92b39cea6574b088d879f17406e1f1e  httpd-debuginfo-2.0.46-61.ent.s390.rpm
d547adbcdb6e9b7c3971db416196eb24  httpd-devel-2.0.46-61.ent.s390.rpm
7bb49ad738ca9fd78ee1fcaaf6fa85e9  mod_ssl-2.0.46-61.ent.s390.rpm

s390x:
88820ef80fc2f013716483ed9cc24618  httpd-2.0.46-61.ent.s390x.rpm
b5da9fe9b0a72da25644623099c97d54  httpd-debuginfo-2.0.46-61.ent.s390x.rpm
9f02adf3a99778f31bdcc5e83c552ccf  httpd-devel-2.0.46-61.ent.s390x.rpm
6f9e00153fb16ca4d84ca25edc8b369d  mod_ssl-2.0.46-61.ent.s390x.rpm

x86_64:
a867591bfea47c5918bb37b37fbec21a  httpd-2.0.46-61.ent.x86_64.rpm
8f8cd4e2b9024b355965888c3ba0196d  httpd-debuginfo-2.0.46-61.ent.x86_64.rpm
624fd85d9aa4e6372f1663052df06309  httpd-devel-2.0.46-61.ent.x86_64.rpm
927b300b3ff027401c1c7b38dac1cfa0  mod_ssl-2.0.46-61.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
04cf2be7ea48113d24aad1d32b36ad0b  httpd-2.0.46-61.ent.src.rpm

i386:
d9bb6b02095ee31f3779a41ccf37e889  httpd-2.0.46-61.ent.i386.rpm
eae693185994488d65566a690a1e43b5  httpd-debuginfo-2.0.46-61.ent.i386.rpm
59adb3ab038e3bf0e799b1d246913b87  httpd-devel-2.0.46-61.ent.i386.rpm
8095700d500f6427d83e7e65010d91c5  mod_ssl-2.0.46-61.ent.i386.rpm

x86_64:
a867591bfea47c5918bb37b37fbec21a  httpd-2.0.46-61.ent.x86_64.rpm
8f8cd4e2b9024b355965888c3ba0196d  httpd-debuginfo-2.0.46-61.ent.x86_64.rpm
624fd85d9aa4e6372f1663052df06309  httpd-devel-2.0.46-61.ent.x86_64.rpm
927b300b3ff027401c1c7b38dac1cfa0  mod_ssl-2.0.46-61.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
04cf2be7ea48113d24aad1d32b36ad0b  httpd-2.0.46-61.ent.src.rpm

i386:
d9bb6b02095ee31f3779a41ccf37e889  httpd-2.0.46-61.ent.i386.rpm
eae693185994488d65566a690a1e43b5  httpd-debuginfo-2.0.46-61.ent.i386.rpm
59adb3ab038e3bf0e799b1d246913b87  httpd-devel-2.0.46-61.ent.i386.rpm
8095700d500f6427d83e7e65010d91c5  mod_ssl-2.0.46-61.ent.i386.rpm

ia64:
66c25ecc5c74599ba3a7bb3f2fa9f4b8  httpd-2.0.46-61.ent.ia64.rpm
f8e037feaae5deef8418d5d7f276eae5  httpd-debuginfo-2.0.46-61.ent.ia64.rpm
c967c0497ef645d09805b432add9fac2  httpd-devel-2.0.46-61.ent.ia64.rpm
635c92aac642b85d9b49322c4fd09f39  mod_ssl-2.0.46-61.ent.ia64.rpm

x86_64:
a867591bfea47c5918bb37b37fbec21a  httpd-2.0.46-61.ent.x86_64.rpm
8f8cd4e2b9024b355965888c3ba0196d  httpd-debuginfo-2.0.46-61.ent.x86_64.rpm
624fd85d9aa4e6372f1663052df06309  httpd-devel-2.0.46-61.ent.x86_64.rpm
927b300b3ff027401c1c7b38dac1cfa0  mod_ssl-2.0.46-61.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
04cf2be7ea48113d24aad1d32b36ad0b  httpd-2.0.46-61.ent.src.rpm

i386:
d9bb6b02095ee31f3779a41ccf37e889  httpd-2.0.46-61.ent.i386.rpm
eae693185994488d65566a690a1e43b5  httpd-debuginfo-2.0.46-61.ent.i386.rpm
59adb3ab038e3bf0e799b1d246913b87  httpd-devel-2.0.46-61.ent.i386.rpm
8095700d500f6427d83e7e65010d91c5  mod_ssl-2.0.46-61.ent.i386.rpm

ia64:
66c25ecc5c74599ba3a7bb3f2fa9f4b8  httpd-2.0.46-61.ent.ia64.rpm
f8e037feaae5deef8418d5d7f276eae5  httpd-debuginfo-2.0.46-61.ent.ia64.rpm
c967c0497ef645d09805b432add9fac2  httpd-devel-2.0.46-61.ent.ia64.rpm
635c92aac642b85d9b49322c4fd09f39  mod_ssl-2.0.46-61.ent.ia64.rpm

x86_64:
a867591bfea47c5918bb37b37fbec21a  httpd-2.0.46-61.ent.x86_64.rpm
8f8cd4e2b9024b355965888c3ba0196d  httpd-debuginfo-2.0.46-61.ent.x86_64.rpm
624fd85d9aa4e6372f1663052df06309  httpd-devel-2.0.46-61.ent.x86_64.rpm
927b300b3ff027401c1c7b38dac1cfa0  mod_ssl-2.0.46-61.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
4f35d5c8dc42f7e0c8d47fbe15f80ee7  httpd-2.0.52-28.ent.src.rpm

i386:
0b30f0a89cca20b95784a39fcab65e35  httpd-2.0.52-28.ent.i386.rpm
16c54cd14dd2efbcc264ce313107aa1e  httpd-debuginfo-2.0.52-28.ent.i386.rpm
1f5dc32947852da3a57662e6d8d5da21  httpd-devel-2.0.52-28.ent.i386.rpm
453758ed80cda526c0d28dbe6a4fb053  httpd-manual-2.0.52-28.ent.i386.rpm
08c31b58be6c3a3e56b4ab8cd7c9d60b  httpd-suexec-2.0.52-28.ent.i386.rpm
bafd04190956db5220e1931f1cdfda06  mod_ssl-2.0.52-28.ent.i386.rpm

ia64:
981d825a38f285dc367a57909ebb1bb5  httpd-2.0.52-28.ent.ia64.rpm
cf2d0c7a8b16aa07012fd164f490e040  httpd-debuginfo-2.0.52-28.ent.ia64.rpm
37da1e4c1527b539523bd076595ec3fb  httpd-devel-2.0.52-28.ent.ia64.rpm
e6dc477ed351c90340a16ee7e05a6c0f  httpd-manual-2.0.52-28.ent.ia64.rpm
2e8c68c3be5aba7ff97fe63a5204c1ed  httpd-suexec-2.0.52-28.ent.ia64.rpm
1b20f7a2d51bb180b8e0d7ce7198c37a  mod_ssl-2.0.52-28.ent.ia64.rpm

ppc:
d5f2c327364716fac423212bab0e78ae  httpd-2.0.52-28.ent.ppc.rpm
22e7b339bf1bd1673ac55d5ee26a9abf  httpd-debuginfo-2.0.52-28.ent.ppc.rpm
90bd7f4d121543fa18c46d5e4d061800  httpd-devel-2.0.52-28.ent.ppc.rpm
4df7750df209c840db61a391c4dc53cb  httpd-manual-2.0.52-28.ent.ppc.rpm
d990a29b89b52cc4f106f71e960de2f6  httpd-suexec-2.0.52-28.ent.ppc.rpm
2e36173faaf66a60e16f4ab560943264  mod_ssl-2.0.52-28.ent.ppc.rpm

s390:
6b4eadc50cd34b89a5e552a9d837915b  httpd-2.0.52-28.ent.s390.rpm
10b1258eaa72cb7d24f307f4b56587d6  httpd-debuginfo-2.0.52-28.ent.s390.rpm
c32a312d95476cb5239f09ac5640cc89  httpd-devel-2.0.52-28.ent.s390.rpm
9f2a04f98ba26be7241299f38b3bdb30  httpd-manual-2.0.52-28.ent.s390.rpm
3f69e468aa98ccb4041eb638fb4f9836  httpd-suexec-2.0.52-28.ent.s390.rpm
b1bf1d1537d3c69db0810449cd40a202  mod_ssl-2.0.52-28.ent.s390.rpm

s390x:
1ade626c844752cacd4a4e3693b89c4d  httpd-2.0.52-28.ent.s390x.rpm
1b47cc782af3c9ae292070bc4153314d  httpd-debuginfo-2.0.52-28.ent.s390x.rpm
0473513c742d3926e936daa1cedb01e3  httpd-devel-2.0.52-28.ent.s390x.rpm
62693d03ee562582b0e8b3338da593ff  httpd-manual-2.0.52-28.ent.s390x.rpm
ce08d7a587630f3568d49a35d1aa3ad7  httpd-suexec-2.0.52-28.ent.s390x.rpm
bf53b4918b08d5efd7abaf97445821f5  mod_ssl-2.0.52-28.ent.s390x.rpm

x86_64:
5ea25c8a07bb0021b79d3607bebb7324  httpd-2.0.52-28.ent.x86_64.rpm
07e4bd6632a3775bb5fc56cdebdf1302  httpd-debuginfo-2.0.52-28.ent.x86_64.rpm
349f57d1d4819f8adb4a46118b774a50  httpd-devel-2.0.52-28.ent.x86_64.rpm
53ba74eac84a36cc1cb2829add804236  httpd-manual-2.0.52-28.ent.x86_64.rpm
ad3cdee012b0cc635caa391ab695345c  httpd-suexec-2.0.52-28.ent.x86_64.rpm
92a99ce7ec860e35b735814360ec37cb  mod_ssl-2.0.52-28.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
4f35d5c8dc42f7e0c8d47fbe15f80ee7  httpd-2.0.52-28.ent.src.rpm

i386:
0b30f0a89cca20b95784a39fcab65e35  httpd-2.0.52-28.ent.i386.rpm
16c54cd14dd2efbcc264ce313107aa1e  httpd-debuginfo-2.0.52-28.ent.i386.rpm
1f5dc32947852da3a57662e6d8d5da21  httpd-devel-2.0.52-28.ent.i386.rpm
453758ed80cda526c0d28dbe6a4fb053  httpd-manual-2.0.52-28.ent.i386.rpm
08c31b58be6c3a3e56b4ab8cd7c9d60b  httpd-suexec-2.0.52-28.ent.i386.rpm
bafd04190956db5220e1931f1cdfda06  mod_ssl-2.0.52-28.ent.i386.rpm

x86_64:
5ea25c8a07bb0021b79d3607bebb7324  httpd-2.0.52-28.ent.x86_64.rpm
07e4bd6632a3775bb5fc56cdebdf1302  httpd-debuginfo-2.0.52-28.ent.x86_64.rpm
349f57d1d4819f8adb4a46118b774a50  httpd-devel-2.0.52-28.ent.x86_64.rpm
53ba74eac84a36cc1cb2829add804236  httpd-manual-2.0.52-28.ent.x86_64.rpm
ad3cdee012b0cc635caa391ab695345c  httpd-suexec-2.0.52-28.ent.x86_64.rpm
92a99ce7ec860e35b735814360ec37cb  mod_ssl-2.0.52-28.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
4f35d5c8dc42f7e0c8d47fbe15f80ee7  httpd-2.0.52-28.ent.src.rpm

i386:
0b30f0a89cca20b95784a39fcab65e35  httpd-2.0.52-28.ent.i386.rpm
16c54cd14dd2efbcc264ce313107aa1e  httpd-debuginfo-2.0.52-28.ent.i386.rpm
1f5dc32947852da3a57662e6d8d5da21  httpd-devel-2.0.52-28.ent.i386.rpm
453758ed80cda526c0d28dbe6a4fb053  httpd-manual-2.0.52-28.ent.i386.rpm
08c31b58be6c3a3e56b4ab8cd7c9d60b  httpd-suexec-2.0.52-28.ent.i386.rpm
bafd04190956db5220e1931f1cdfda06  mod_ssl-2.0.52-28.ent.i386.rpm

ia64:
981d825a38f285dc367a57909ebb1bb5  httpd-2.0.52-28.ent.ia64.rpm
cf2d0c7a8b16aa07012fd164f490e040  httpd-debuginfo-2.0.52-28.ent.ia64.rpm
37da1e4c1527b539523bd076595ec3fb  httpd-devel-2.0.52-28.ent.ia64.rpm
e6dc477ed351c90340a16ee7e05a6c0f  httpd-manual-2.0.52-28.ent.ia64.rpm
2e8c68c3be5aba7ff97fe63a5204c1ed  httpd-suexec-2.0.52-28.ent.ia64.rpm
1b20f7a2d51bb180b8e0d7ce7198c37a  mod_ssl-2.0.52-28.ent.ia64.rpm

x86_64:
5ea25c8a07bb0021b79d3607bebb7324  httpd-2.0.52-28.ent.x86_64.rpm
07e4bd6632a3775bb5fc56cdebdf1302  httpd-debuginfo-2.0.52-28.ent.x86_64.rpm
349f57d1d4819f8adb4a46118b774a50  httpd-devel-2.0.52-28.ent.x86_64.rpm
53ba74eac84a36cc1cb2829add804236  httpd-manual-2.0.52-28.ent.x86_64.rpm
ad3cdee012b0cc635caa391ab695345c  httpd-suexec-2.0.52-28.ent.x86_64.rpm
92a99ce7ec860e35b735814360ec37cb  mod_ssl-2.0.52-28.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
4f35d5c8dc42f7e0c8d47fbe15f80ee7  httpd-2.0.52-28.ent.src.rpm

i386:
0b30f0a89cca20b95784a39fcab65e35  httpd-2.0.52-28.ent.i386.rpm
16c54cd14dd2efbcc264ce313107aa1e  httpd-debuginfo-2.0.52-28.ent.i386.rpm
1f5dc32947852da3a57662e6d8d5da21  httpd-devel-2.0.52-28.ent.i386.rpm
453758ed80cda526c0d28dbe6a4fb053  httpd-manual-2.0.52-28.ent.i386.rpm
08c31b58be6c3a3e56b4ab8cd7c9d60b  httpd-suexec-2.0.52-28.ent.i386.rpm
bafd04190956db5220e1931f1cdfda06  mod_ssl-2.0.52-28.ent.i386.rpm

ia64:
981d825a38f285dc367a57909ebb1bb5  httpd-2.0.52-28.ent.ia64.rpm
cf2d0c7a8b16aa07012fd164f490e040  httpd-debuginfo-2.0.52-28.ent.ia64.rpm
37da1e4c1527b539523bd076595ec3fb  httpd-devel-2.0.52-28.ent.ia64.rpm
e6dc477ed351c90340a16ee7e05a6c0f  httpd-manual-2.0.52-28.ent.ia64.rpm
2e8c68c3be5aba7ff97fe63a5204c1ed  httpd-suexec-2.0.52-28.ent.ia64.rpm
1b20f7a2d51bb180b8e0d7ce7198c37a  mod_ssl-2.0.52-28.ent.ia64.rpm

x86_64:
5ea25c8a07bb0021b79d3607bebb7324  httpd-2.0.52-28.ent.x86_64.rpm
07e4bd6632a3775bb5fc56cdebdf1302  httpd-debuginfo-2.0.52-28.ent.x86_64.rpm
349f57d1d4819f8adb4a46118b774a50  httpd-devel-2.0.52-28.ent.x86_64.rpm
53ba74eac84a36cc1cb2829add804236  httpd-manual-2.0.52-28.ent.x86_64.rpm
ad3cdee012b0cc635caa391ab695345c  httpd-suexec-2.0.52-28.ent.x86_64.rpm
92a99ce7ec860e35b735814360ec37cb  mod_ssl-2.0.52-28.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.