[SECURITY] Fedora Core 4 Update: httpd-2.0.54-10.4: msg#00104

Subject: [SECURITY] Fedora Core 4 Update: httpd-2.0.54-10.4
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-862
2006-07-28
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : httpd
Version     : 2.0.54
Release     : 10.4
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one
security problem in the LDAP scheme handling of the
mod_rewrite module. Where RewriteEngine was enabled, and for
certain RewriteRules, this could lead to a pointer being
written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack
layout for a particular compiled version of mod_rewrite. 
The Fedora project has analyzed Fedora Core 4 and 5 binaries
and determined that these distributions are vulnerable to
this issue. However, this flaw does not affect a default
installation of Fedora Core; users who do not use, or have
not enabled, the Rewrite module are not affected by this
issue.
---------------------------------------------------------------------
* Wed Jul 26 2006 Joe Orton <jorton@xxxxxxxxxx> 2.0.54-10.4
- add mod_rewrite security fix (CVE-2006-3747)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
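
The exposure conditions stated above (an httpd older than 2.0.54-10.4 with the Rewrite module enabled) can be checked per host. The script below is an added example, not part of the Fedora advisory; the function names, the sample configs and the older release string 2.0.54-10.3 are constructed for illustration.

```shell
# Added example: triage one host for FEDORA-2006-862 (CVE-2006-3747).
FIXED="2.0.54-10.4"   # fixed httpd version-release for Fedora Core 4 (from the advisory)

# Succeeds if version-release $1 >= $2. Assumes purely numeric fields.
vr_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Succeeds if the file loads mod_rewrite and has an active "RewriteEngine on".
# Directive names are case-insensitive; Include'd files and .htaccess are not followed.
rewrite_enabled() {
    awk '{ sub(/^[ \t]+/, ""); line = tolower($0) }
        line ~ /^#/ { next }
        line ~ /^loadmodule[ \t]+rewrite_module[ \t]/ { loaded = 1 }
        line ~ /^rewriteengine[ \t]+on[ \t]*$/ { engine = 1 }
        END { exit !(loaded && engine) }' "$1"
}

# $1 = installed version-release (rpm -q --qf '%{VERSION}-%{RELEASE}' httpd), $2 = httpd.conf
triage() {
    if vr_at_least "$1" "$FIXED"; then echo "patched"
    elif rewrite_enabled "$2"; then echo "exposed"
    else echo "unpatched-rewrite-off"
    fi
}

# Constructed sample configs (not from the advisory).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/on.conf" <<'EOF'
LoadModule rewrite_module modules/mod_rewrite.so
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^/old/(.*)$ /new/$1 [R]
</VirtualHost>
EOF
printf '%s\n' 'LoadModule rewrite_module modules/mod_rewrite.so' \
    '# RewriteEngine On' > "$SAMPLES/off.conf"

triage 2.0.54-10.3 "$SAMPLES/on.conf"    # constructed older release
triage 2.0.54-10.3 "$SAMPLES/off.conf"
triage "$FIXED" "$SAMPLES/on.conf"
```

A result of unpatched-rewrite-off matches the advisory's unaffected case for the scanned file only; the vulnerable binary is still installed, and an included file or .htaccess that turns the engine on is not seen by this check.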