-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-16880 2014-12-13 08:34:10 --------------------------------------------------------------------------------
Name : libhtp Product : Fedora 21 Version : 0.5.16 Release : 1.fc21 URL : http://www.libhtp.org Summary : Security-aware parser for the HTTP protocol and the related bits and pieces Description : LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. The goals of the project, in the order of importance, are as follows: 1. Completeness of coverage; 2. Permissive parsing; 3. Awareness of evasion techniques; 4. Performance;
-------------------------------------------------------------------------------- Update Information:
### 0.5.16 (11 December 2014)
* Per personality requestline leading whitespace handling [Victor Julien] * Improve request line parsing with leading spaces [Victor Julien] * Harden decompress code against memory stress [Victor Julien]
-------------------------------------------------------------------------------- ChangeLog:
* Fri Dec 12 2014 Mathieu Bridon bochecha@daitauha.fr - 0.5.16-1 - Update to 0.5.16 - Among other things, this fixes a security issue https://bugzilla.redhat.com/show_bug.cgi?id=1173605 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1173605 - libhtp: denial of service with specific packets https://bugzilla.redhat.com/show_bug.cgi?id=1173605 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update libhtp' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org
-
updates@fedoraproject.org