---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-863
2006-07-28
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : httpd
Version     : 2.2.2
Release     : 1.2
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible web server.

---------------------------------------------------------------------
Update Information:
This update fixes a security issue in the mod_rewrite module.
Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)
The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.

---------------------------------------------------------------------
* Wed Jul 26 2006 Joe Orton jorton@redhat.com 2.2.2-1.2
- add mod_rewrite security fix (CVE-2006-3747)

* Wed Jul 19 2006 Joe Orton jorton@redhat.com 2.2.2-1.1
- fix segfault on dummy connection failure at graceful restart (#199429)

* Thu May 11 2006 Joe Orton jorton@redhat.com 2.2.2-1.0
- update to 2.2.2

* Thu Apr 6 2006 Joe Orton jorton@redhat.com 2.2.0-5.2
- fix LDAP issues on 64-bit platforms (#188073)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
package-announce@lists.fedoraproject.org
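
The update information above ties exposure to mod_rewrite being in use, so the following added example (not part of the Fedora advisory) classifies an httpd configuration tree by whether the module is loaded, RewriteEngine is on, and any RewriteRule is present. It assumes mod_rewrite is loaded through a LoadModule line and that all rewrite directives live under the directory given; .htaccess files elsewhere are not scanned, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: classify an httpd config tree against the advisory's
# exposure condition (mod_rewrite loaded, RewriteEngine on, rules present).

# has_directive DIR REGEX: succeeds if any file under DIR contains an
# active (uncommented) line that starts with a directive matching REGEX.
has_directive() {
    grep -rEiq "^[[:space:]]*$2" "$1" 2>/dev/null
}

# rewrite_exposure DIR prints one of:
#   module-not-loaded  no active LoadModule line for rewrite_module
#   engine-off         module loaded, but no active "RewriteEngine on"
#   no-rules           engine on, but no RewriteRule directive
#   review-rules       engine on with rules: patch, then review the rules
rewrite_exposure() {
    if ! has_directive "$1" 'LoadModule[[:space:]]+rewrite_module[[:space:]]'; then
        echo module-not-loaded
    elif ! has_directive "$1" 'RewriteEngine[[:space:]]+on[[:space:]]*$'; then
        echo engine-off
    elif ! has_directive "$1" 'RewriteRule[[:space:]]'; then
        echo no-rules
    else
        echo review-rules
    fi
}

# Build a constructed sample tree (not a real server config); each
# argument becomes one line of httpd.conf. Prints the tree's path.
sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/conf.d" || return 1
    printf '%s\n' "$@" > "$d/httpd.conf"
    echo "$d"
}

LOAD='LoadModule rewrite_module modules/mod_rewrite.so'
default=$(sample_tree "$LOAD" '#RewriteEngine On')
rules=$(sample_tree "$LOAD" '  RewriteEngine On' \
        'RewriteRule ^/old/(.*)$ /new/$1 [R]')
echo "default: $(rewrite_exposure "$default")"
echo "rules:   $(rewrite_exposure "$rules")"
rm -rf "$default" "$rules"
```

A `review-rules` result on a host where `rpm -q httpd` reports a release older than 2.2.2-1.2 is the case this update addresses.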