---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-617
2007-07-02
---------------------------------------------------------------------
Product     : Fedora Core 5
Name        : httpd
Version     : 2.2.2
Release     : 1.3
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

---------------------------------------------------------------------
Update Information:

The Apache HTTP Server did not verify that a process was an
Apache child process before sending it signals. A local
attacker with the ability to run scripts on the Apache HTTP
Server could manipulate the scoreboard and cause arbitrary
processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on
Fedora if using the default SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status
module. On sites where the server-status page is publicly
accessible and ExtendedStatus is enabled this could lead to
a cross-site scripting attack. On Fedora the server-status
page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
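
Added example (not part of the Fedora advisory or of httpd itself): a Python check that flags the condition described above, a server-status handler reachable by everyone, and notes whether ExtendedStatus is also on. The function names and both sample configurations are constructed for illustration; the access test is a heuristic over Apache 2.2-style directives and does not follow Include files or evaluate Order precedence.

```python
# Added example: heuristic audit of Apache 2.2-style configuration text.
# Both sample configurations below are constructed, not from the advisory.
SAMPLE_EXPOSED = """
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order allow,deny
    Allow from all
</Location>
"""
SAMPLE_RESTRICTED = SAMPLE_EXPOSED.replace(
    "Order allow,deny\n    Allow from all",
    "Order deny,allow\n    Deny from all\n    Allow from 127.0.0.1")

def _directives(text):
    """Return (name, args) pairs, lowercased, without comments or blanks."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            args = " ".join(parts[1].split()) if len(parts) > 1 else ""
            out.append((parts[0].lower(), args.lower()))
    return out

def _is_public(block):
    """Heuristic: open to everyone unless the block denies or requires."""
    allow_all = ("allow", "from all") in block or ("require", "all granted") in block
    restricted = ("deny", "from all") in block or any(
        n == "require" and a != "all granted" for n, a in block)
    return allow_all or not restricted

def audit_server_status(conf_text):
    """List (path, finding) for every publicly reachable status handler."""
    directives = _directives(conf_text)
    extended = any(n == "extendedstatus" and a == "on" for n, a in directives)
    findings, path, block = [], None, []
    for name, args in directives:
        if name == "<location":
            path, block = args.rstrip(">").strip().strip('"'), []
        elif name == "</location>":
            if path and ("sethandler", "server-status") in block and _is_public(block):
                findings.append((path, "public+extended" if extended else "public"))
            path = None
        elif path is not None:
            block.append((name, args))
    return findings

if __name__ == "__main__":
    print(audit_server_status(SAMPLE_EXPOSED), audit_server_status(SAMPLE_RESTRICTED))
```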

A bug was found in the Apache HTTP Server mod_cache module.
On sites where caching is enabled, a remote attacker could
send a carefully crafted request that would cause the Apache
child process handling that request to crash. This could
lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

---------------------------------------------------------------------
* Tue Jun 26 2007 Joe Orton 2.2.2-1.3
- add security fixes for CVE-2006-5752, CVE-2007-1863 and
  CVE-2007-3304 (#244660)
* Wed Jul 26 2006 Joe Orton 2.2.2-1.2
- add mod_rewrite security fix (CVE-2006-3747)
* Wed Jul 19 2006 Joe Orton 2.2.2-1.1
- fix segfault on dummy connection failure at graceful restart (#199429)
* Thu May 11 2006 Joe Orton 2.2.2-1.0
- update to 2.2.2
* Thu Apr  6 2006 Joe Orton 2.2.0-5.2
- fix LDAP issues on 64-bit platforms (#188073)

---------------------------------------------------------------------
This update can be downloaded from:
    

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
---------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

