--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2008-6314
2008-08-07 21:20:50
--------------------------------------------------------------------------------Name        : httpd
Product     : Fedora 8
Version     : 2.2.9
Release     : 1.fc8
URL         : https://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------Update Information:

This update includes the latest release of httpd 2.2.    A security issue is
fixed in this update:    A flaw was found in the handling of excessive interim
responses from an origin server when using mod_proxy_http. In a forward proxy
configuration, if a user of the proxy could be tricked into visiting a malicious
web server, the proxy could be forced into consuming a large amount of stack or
heap memory. This could lead to an eventual process crash due to stack space
exhaustion.
--------------------------------------------------------------------------------ChangeLog:

* Mon Jul 14 2008 Joe Orton  2.2.9-1.fc8
- update to 2.2.9 (#454100)
* Mon Jan 28 2008 Joe Orton  2.2.8-1.fc8
- update to 2.2.8 (#430465)
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server
        https://bugzilla.redhat.com/show_bug.cgi?id=451615
--------------------------------------------------------------------------------This update can be installed with the "yum" update program.  Use 
su -c 'yum update httpd' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 8 Update: httpd-2.2.9-1.fc8

August 7, 2008
This update includes the latest release of httpd 2.2

Summary

The Apache HTTP Server is a powerful, efficient, and extensible

web server.

This update includes the latest release of httpd 2.2. A security issue is

fixed in this update: A flaw was found in the handling of excessive interim

responses from an origin server when using mod_proxy_http. In a forward proxy

configuration, if a user of the proxy could be tricked into visiting a malicious

web server, the proxy could be forced into consuming a large amount of stack or

heap memory. This could lead to an eventual process crash due to stack space

exhaustion.

* Mon Jul 14 2008 Joe Orton 2.2.9-1.fc8

- update to 2.2.9 (#454100)

* Mon Jan 28 2008 Joe Orton 2.2.8-1.fc8

- update to 2.2.8 (#430465)

[ 1 ] Bug #451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server

https://bugzilla.redhat.com/show_bug.cgi?id=451615

su -c 'yum update httpd' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2008-6314 2008-08-07 21:20:50 Product : Fedora 8 Version : 2.2.9 Release : 1.fc8 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. * Mon Jul 14 2008 Joe Orton 2.2.9-1.fc8 - update to 2.2.9 (#454100) * Mon Jan 28 2008 Joe Orton 2.2.8-1.fc8 - update to 2.2.8 (#430465) [ 1 ] Bug #451615 - CVE-2008-2364 httpd: mod_proxy_http DoS via excessive interim responses from the origin server https://bugzilla.redhat.com/show_bug.cgi?id=451615 su -c 'yum update httpd' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Product : Fedora 8
Version : 2.2.9
Release : 1.fc8
URL : https://httpd.apache.org/
Summary : Apache HTTP Server

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved