[SECURITY] Fedora Core 3 Test Update: httpd-2.0.53-3.3

Joseph Orton jorton at redhat.com
Tue Sep 6 05:38:46 UTC 2005


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2005-848
2005-09-06
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : httpd
Version     : 2.0.53                      
Release     : 3.3                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------
Update Information:

This update includes two security fixes.  An issue was
discovered in mod_ssl where "SSLVerifyClient require" would
not be honoured in location context if the virtual host had
"SSLVerifyClient optional" configured (CAN-2005-2700).  An
issue was discovered in memory consumption of the byterange
filter for dynamic resources such as PHP or CGI script
(CAN-2005-2728).
---------------------------------------------------------------------
* Fri Sep  2 2005 Joe Orton <jorton at redhat.com> 2.0.53-3.3
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/

a292da621297efb81c961aebf09a7e95  SRPMS/httpd-2.0.53-3.3.src.rpm
c6180d5fd66cc9789efe41624ea6bc0c  x86_64/httpd-2.0.53-3.3.x86_64.rpm
ea77ffe86d050f162b9b6cfbd671e67a  x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm
53c0f17ee9a492da26d5ebe04c0ee39a  x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm
074f826908e7c4e37eaf1a938c20e2ab  x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm
dc31ec7eacbdc4d3ef46f66bd329ff05  x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm
0954c40bfea0d6111cdfa2596c3b0ba4  x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm
098a9f51210a0506510291377e5573ef  i386/httpd-2.0.53-3.3.i386.rpm
cd839b3140797166a18b238d3f1a187b  i386/httpd-devel-2.0.53-3.3.i386.rpm
6286fb06b13f0a803c1ddda6822c3e07  i386/httpd-manual-2.0.53-3.3.i386.rpm
1051d4870c7d55528284b1a7786dfc1e  i386/mod_ssl-2.0.53-3.3.i386.rpm
a48d02c57d1d5482d98e9b79668b934c  i386/httpd-suexec-2.0.53-3.3.i386.rpm
1368036e846311135df598f150708d11  i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may 
need to edit your up2date channels configuration.  Within 
/etc/sysconfig/rhn/sources enable the following line: 
yum updates-testing http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/3/$ARCH
---------------------------------------------------------------------




More information about the test mailing list