Synopsis: Moderate: httpd security update Advisory ID: SLSA-2017:2972-1 Issue Date: 2017-10-19 CVE Numbers: CVE-2017-9798 CVE-2017-12171 -- Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) * A regression was found in the Scientific Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171) -- SL6 x86_64 httpd-2.2.15-60.el6_9.6.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.6.x86_64.rpm httpd-tools-2.2.15-60.el6_9.6.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm httpd-devel-2.2.15-60.el6_9.6.i686.rpm httpd-devel-2.2.15-60.el6_9.6.x86_64.rpm mod_ssl-2.2.15-60.el6_9.6.x86_64.rpm i386 httpd-2.2.15-60.el6_9.6.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm httpd-tools-2.2.15-60.el6_9.6.i686.rpm httpd-devel-2.2.15-60.el6_9.6.i686.rpm mod_ssl-2.2.15-60.el6_9.6.i686.rpm noarch httpd-manual-2.2.15-60.el6_9.6.noarch.rpm - Scientific Linux Development Team