--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-e00c65ec6f
2019-09-30 01:38:57.532586
--------------------------------------------------------------------------------
Name : httpd
Product : Fedora 29
Version : 2.4.41
Release : 1.fc29
URL :
https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
--------------------------------------------------------------------------------
Update Information:
This update includes the latest release of the Apache HTTP Server, version
`2.4.41`, fixing various security issues. Several major enhancements are also
included in this update: * `mod_md` is now packaged from upstream *github*
releases. * `mod_cgid` stderr handling has been improved See
http://www.apache.org/dist/httpd/CHANGES_2.4.41 for a full list of changes since
the previous release of `httpd`.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 15 2019 Joe Orton <jorton(a)redhat.com> - 2.4.41-1
- update to 2.4.41
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.39-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-12
- drop /var/lib/dav directory, since mod_dav_fs uses statedir
* Wed Jul 17 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-11
- mod_cgid: use fd passing to fix script stderr handling (#1591157)
* Mon Jul 8 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-10
- htpasswd: add SHA-256/512 support
- apachectl: restore -V/-v/-t support (#1727434)
* Fri Jun 21 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-9
- create instance-specific StateDir in httpd@.service, instance.conf
* Thu Jun 20 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-8
- remove superfluous ap_hack_ symbols from httpd binary
- more verbose %check section
* Thu Jun 13 2019 Lubos Uhliarik <luhliari(a)redhat.com> - 2.4.39-7
- remove bundled mod_md module
* Thu Jun 13 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-6
- mod_ssl: fix "httpd -L" (etc) before httpd-init.service runs
* Wed Jun 12 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-5
- fixes for StateDir directive (upstream r1857731, r1857731)
* Thu May 2 2019 Lubos Uhliarik <luhliari(a)redhat.com> - 2.4.39-4
- httpd dependency on initscripts is unspecified (#1705188)
* Tue Apr 9 2019 Joe Orton <jorton(a)redhat.com> - 2.4.39-3
- fix statedir symlink to point to /var/lib/httpd (#1697662)
- mod_reqtimeout: fix default values regression (PR 63325)
* Tue Apr 2 2019 Lubos Uhliarik <luhliari(a)redhat.com> - 2.4.39-2
- update to 2.4.39
* Thu Feb 28 2019 Joe Orton <jorton(a)redhat.com> - 2.4.38-6
- apachectl: cleanup and replace script wholesale (#1641237)
* drop "apachectl fullstatus" support
* run systemctl with --no-pager option
* implement graceful&graceful-stop by signal directly
- run "httpd -t" from legacy action script
* Tue Feb 5 2019 Lubos Uhliarik <luhliari(a)redhat.com> - 2.4.38-5
- segmentation fault fix (FIPS)
* Tue Feb 5 2019 Joe Orton <jorton(a)redhat.com> - 2.4.38-4
- use serverroot-relative statedir, rundir by default
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.38-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Lubos Uhliarik <luhliari(a)redhat.com> - 2.4.38-2
- new version 2.4.38 (#1668125)
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.4.37-6
- Rebuilt for libcrypt.so.2 (#1666033)
* Thu Nov 22 2018 Lubo�� Uhliarik <luhliari(a)redhat.com> - 2.4.37-5
- Resolves: #1652678 - TLS connection allowed while all protocols are forbidden
* Thu Nov 8 2018 Joe Orton <jorton(a)redhat.com> - 2.4.37-4
- add httpd.conf(5) (#1611361)
* Wed Nov 7 2018 Lubo�� Uhliarik <luhliari(a)redhat.com> - 2.4.37-3
- Resolves: #1647241 - fix apachectl script
* Wed Oct 31 2018 Joe Orton <jorton(a)redhat.com> - 2.4.37-2
- add DefaultStateDir/ap_state_dir_relative()
- mod_dav_fs: use state dir for default DAVLockDB
- mod_md: use state dir for default MDStoreDir
* Wed Oct 31 2018 Joe Orton <jorton(a)redhat.com> - 2.4.37-1
- update to 2.4.37
* Wed Oct 31 2018 Joe Orton <jorton(a)redhat.com> - 2.4.34-11
- add htcacheclean.service(8) man page
* Fri Sep 28 2018 Joe Orton <jorton(a)redhat.com> - 2.4.34-10
- apachectl: don't read /etc/sysconfig/httpd
* Tue Sep 25 2018 Joe Orton <jorton(a)redhat.com> - 2.4.34-9
- fix build if OpenSSL built w/o SSLv3 support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1727434 - Fedora apachectl script behaves differently than authors design it
https://bugzilla.redhat.com/show_bug.cgi?id=1727434
[ 2 ] Bug #1743961 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743961
[ 3 ] Bug #1743957 - CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy
error page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743957
[ 4 ] Bug #1591157 - Unusable entries in error_log when event MPM is activated
https://bugzilla.redhat.com/show_bug.cgi?id=1591157
[ 5 ] Bug #1743997 - CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743997
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-e00c65ec6f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------