Synopsis:    Important: httpd security update
Issue Date:  2011-08-31
CVE Numbers: CVE-2011-3192


The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain 
a backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.


SL 4.x

        SRPMS:
httpd-2.0.52-48.sl4.src.rpm
        i386:
httpd-2.0.52-48.sl4.i386.rpm
httpd-devel-2.0.52-48.sl4.i386.rpm
httpd-manual-2.0.52-48.sl4.i386.rpm
httpd-suexec-2.0.52-48.sl4.i386.rpm
mod_ssl-2.0.52-48.sl4.i386.rpm
        x86_64:
httpd-2.0.52-48.sl4.x86_64.rpm
httpd-devel-2.0.52-48.sl4.x86_64.rpm
httpd-manual-2.0.52-48.sl4.x86_64.rpm
httpd-suexec-2.0.52-48.sl4.x86_64.rpm
mod_ssl-2.0.52-48.sl4.x86_64.rpm

SL 5.x

        SRPMS:
httpd-2.2.3-53.sl5.1.src.rpm
        i386:
httpd-2.2.3-53.sl5.1.i386.rpm
httpd-devel-2.2.3-53.sl5.1.i386.rpm
httpd-manual-2.2.3-53.sl5.1.i386.rpm
mod_ssl-2.2.3-53.sl5.1.i386.rpm
        x86_64:
httpd-2.2.3-53.sl5.1.x86_64.rpm
httpd-devel-2.2.3-53.sl5.1.i386.rpm
httpd-devel-2.2.3-53.sl5.1.x86_64.rpm
httpd-manual-2.2.3-53.sl5.1.x86_64.rpm
mod_ssl-2.2.3-53.sl5.1.x86_64.rpm

SL 6.x

        SRPMS:
httpd-2.2.15-9.sl6.2.src.rpm
        i386:
httpd-2.2.15-9.sl6.2.i686.rpm
httpd-devel-2.2.15-9.sl6.2.i686.rpm
httpd-manual-2.2.15-9.sl6.2.noarch.rpm
httpd-tools-2.2.15-9.sl6.2.i686.rpm
mod_ssl-2.2.15-9.sl6.2.i686.rpm
        x86_64:
httpd-2.2.15-9.sl6.2.x86_64.rpm
httpd-devel-2.2.15-9.sl6.2.i686.rpm
httpd-devel-2.2.15-9.sl6.2.x86_64.rpm
httpd-manual-2.2.15-9.sl6.2.noarch.rpm
httpd-tools-2.2.15-9.sl6.2.x86_64.rpm
mod_ssl-2.2.15-9.sl6.2.x86_64.rpm

- Scientific Linux Development Team