Synopsis: Moderate: httpd security update Advisory ID: SLSA-2017:2882-1 Issue Date: 2017-10-11 CVE Numbers: CVE-2017-9798 -- Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) -- SL7 x86_64 httpd-2.4.6-67.el7_4.5.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.5.x86_64.rpm httpd-devel-2.4.6-67.el7_4.5.x86_64.rpm httpd-tools-2.4.6-67.el7_4.5.x86_64.rpm mod_ldap-2.4.6-67.el7_4.5.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.5.x86_64.rpm mod_session-2.4.6-67.el7_4.5.x86_64.rpm mod_ssl-2.4.6-67.el7_4.5.x86_64.rpm noarch httpd-manual-2.4.6-67.el7_4.5.noarch.rpm - Scientific Linux Development Team