-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-0d3d3f5072 2020-09-03 16:25:10.755424 --------------------------------------------------------------------------------
Name : httpd Product : Fedora 31 Version : 2.4.46 Release : 1.fc31 URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server.
-------------------------------------------------------------------------------- Update Information:
This release includes the latest stable version of Apache **httpd**, version **2.4.46**. A security issue is addressed in this update: * **CVE-2020-11984** mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment. For the full list of changes in this release, see https://downloads.apache.org/httpd/CHANGES_2.4.46 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 25 2020 Lubos Uhliarik luhliari@redhat.com - 2.4.46-1 - new version 2.4.46 - remove obsolete parts of this spec file - fix systemd detection patch * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 2.4.43-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jul 9 2020 Lubos Uhliarik luhliari@redhat.com - 2.4.43-6 - fix macro in mod_lua for lua 4.5 * Thu Jul 9 2020 Lubos Uhliarik luhliari@redhat.com - 2.4.43-5 - Remove %ghosted /etc/sysconfig/httpd file (#1850082) * Tue Jul 7 2020 Joe Orton jorton@redhat.com - 2.4.43-4 - use gettid() directly and use it for built-in ErrorLogFormat * Fri Apr 17 2020 Joe Orton jorton@redhat.com - 2.4.43-3 - mod_ssl: updated coalescing filter to improve TLS efficiency * Fri Apr 17 2020 Joe Orton jorton@redhat.com - 2.4.43-2 - mod_ssl: fix leak in OCSP stapling code (PR 63687, r1876548) - mod_systemd: restore descriptive startup logging -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1820775 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1820775 [ 2 ] Bug #1820776 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1820776 [ 3 ] Bug #1866581 - httpd-2.4.46 is available https://bugzilla.redhat.com/show_bug.cgi?id=1866581 [ 4 ] Bug #1868147 - CVE-2020-11985 httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868147 [ 5 ] Bug #1868148 - CVE-2020-11984 httpd: mod_proxy_uswgi buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1868148 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-0d3d3f5072' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------