Date: Mon, 30 Aug 2010 15:19:54 -0500
Synopsis: Moderate: httpd security and bug fix update
Issue date: 2010-08-30
CVE Names: CVE-2010-1452 CVE-2010-2791
A flaw was discovered in the way the mod_proxy module of the Apache HTTP
Server handled the timeouts of requests forwarded by a reverse proxy to
the back-end server. If the proxy was configured to reuse existing
back-end connections, it could return a response intended for another
user under certain timeout conditions, possibly leading to information
disclosure. (CVE-2010-2791)
A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)
This update also fixes the following bugs:
* numerous issues in the INFLATE filter provided by mod_deflate.
"Inflate error -5 on flush" errors may have been logged. This update
upgrades mod_deflate to the newer upstream version from Apache HTTP
Server 2.2.15. (BZ#625435)
* the response would be corrupted if mod_filter applied the DEFLATE
filter to a resource requiring a subrequest with an internal redirect.
(BZ#625451)
* the OID() function used in the mod_ssl "SSLRequire" directive did not
correctly evaluate extensions of an unknown type. (BZ#625452)
After installing the updated packages, the httpd daemon must be restarted
for the update to take effect.
SL 5.x
SRPMS:
httpd-2.2.3-43.el5_5.3.src.rpm
i386:
httpd-2.2.3-43.sl5.3.i386.rpm
httpd-devel-2.2.3-43.sl5.3.i386.rpm
httpd-manual-2.2.3-43.sl5.3.i386.rpm
mod_ssl-2.2.3-43.sl5.3.i386.rpm
x86_64:
httpd-2.2.3-43.sl5.3.x86_64.rpm
httpd-devel-2.2.3-43.sl5.3.i386.rpm
httpd-devel-2.2.3-43.sl5.3.x86_64.rpm
httpd-manual-2.2.3-43.sl5.3.x86_64.rpm
mod_ssl-2.2.3-43.sl5.3.x86_64.rpm
-Connie Sieh
-Troy Dawson
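
A check an administrator could run after applying this update, added here as an example and not part of the original advisory: it compares installed package builds against the fixed 2.2.3-43.sl5.3 build listed above, using a simplified re-implementation of RPM's version ordering (no epoch handling). The function names, the input format (`rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`) and the sample lines are assumptions constructed for illustration.

```python
import re

# Fixed build from the advisory's SL 5.x list: <name>-2.2.3-43.sl5.3.<arch>.rpm
FIXED_VER, FIXED_REL = "2.2.3", "43.sl5.3"
PACKAGES = {"httpd", "httpd-devel", "httpd-manual", "mod_ssl"}

def vercmp(a, b):
    """Simplified RPM-style compare of one version or release string: -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # digit runs and letter runs; separators dropped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts above a letter one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(lines):
    """Map each installed advisory package (name-ver-rel.arch) to 'fixed' or 'outdated'."""
    result = {}
    for line in lines:
        nvra = line.strip()
        try:
            nvr, _arch = nvra.rsplit(".", 1)
            name, ver, rel = nvr.rsplit("-", 2)
        except ValueError:
            continue                         # not in name-version-release.arch form
        if name not in PACKAGES:
            continue                         # package not covered by this advisory
        order = vercmp(ver, FIXED_VER) or vercmp(rel, FIXED_REL)
        result[nvra] = "outdated" if order < 0 else "fixed"
    return result

# Constructed sample input, not taken from a real host.
SAMPLE = [
    "httpd-2.2.3-43.sl5.3.x86_64",
    "mod_ssl-2.2.3-43.sl5.x86_64",
    "httpd-devel-2.2.3-31.sl5.2.i386",
    "httpd-manual-2.2.3-45.sl5.x86_64",
    "openssl-0.9.8e-12.el5_4.6.x86_64",
]

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE).items():
        print(f"{state:8} {pkg}")
```

A package reported as fixed still needs the httpd restart described above before the running daemon uses the updated code.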