---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-848
2005-09-07
---------------------------------------------------------------------Product     : Fedora Core 3
Name        : httpd
Version     : 2.0.53                      
Release     : 3.3                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------Update Information:

This update includes two security fixes.  An issue was
discovered in mod_ssl where "SSLVerifyClient require" would
not be honoured in location context if the virtual host had
"SSLVerifyClient optional" configured (CAN-2005-2700).  An
issue was discovered in memory consumption of the byterange
filter for dynamic resources such as PHP or CGI script
(CAN-2005-2728).
---------------------------------------------------------------------* Fri Sep  2 2005 Joe Orton  2.0.53-3.3
- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)
- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)


---------------------------------------------------------------------This update can be downloaded from:
  
05dc67efda902897af31c7e62dcc66a2  SRPMS/httpd-2.0.53-3.3.src.rpm
67407cda524517254da65caff34d1030  x86_64/httpd-2.0.53-3.3.x86_64.rpm
2924ba7fd423ec96c77b0cd0aefe2a71  x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm
f733310d4c8e6d444f185e055918d7cf  x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm
c7ab61bc84334772e400d641959cd85e  x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm
447aae779dc5640c1923925816c50985  x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm
43192fc61302fe1b52eb6719d05f0b45  x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm
01f2bcf97e7759e17ac711009d433bfe  i386/httpd-2.0.53-3.3.i386.rpm
65e794a48057d6d3d80f887488b4c03a  i386/httpd-devel-2.0.53-3.3.i386.rpm
7f237c80786870bd9f9d300a67aa23fe  i386/httpd-manual-2.0.53-3.3.i386.rpm
57895adf47af7a01ddb5e79d3258a790  i386/mod_ssl-2.0.53-3.3.i386.rpm
fcaa78659c375778eb357e88bd367004  i386/httpd-suexec-2.0.53-3.3.i386.rpm
55a427b5a760daee39eb972c9ca03c4d  i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 3 Update: httpd-2.0.53-3.3

September 7, 2005
This update includes two security fixes

Summary

Apache is a powerful, full-featured, efficient, and freely-available

Web server. Apache is also the most popular Web server on the

Internet.

This update includes two security fixes. An issue was

discovered in mod_ssl where "SSLVerifyClient require" would

not be honoured in location context if the virtual host had

"SSLVerifyClient optional" configured (CAN-2005-2700). An

issue was discovered in memory consumption of the byterange

filter for dynamic resources such as PHP or CGI script

(CAN-2005-2728).

- mod_ssl: add security fix for SSLVerifyClient (#167196, CVE CAN-2005-2700)

- add security fix for byterange filter DoS (#167104, CVE CAN-2005-2728)

05dc67efda902897af31c7e62dcc66a2 SRPMS/httpd-2.0.53-3.3.src.rpm

67407cda524517254da65caff34d1030 x86_64/httpd-2.0.53-3.3.x86_64.rpm

2924ba7fd423ec96c77b0cd0aefe2a71 x86_64/httpd-devel-2.0.53-3.3.x86_64.rpm

f733310d4c8e6d444f185e055918d7cf x86_64/httpd-manual-2.0.53-3.3.x86_64.rpm

c7ab61bc84334772e400d641959cd85e x86_64/mod_ssl-2.0.53-3.3.x86_64.rpm

447aae779dc5640c1923925816c50985 x86_64/httpd-suexec-2.0.53-3.3.x86_64.rpm

43192fc61302fe1b52eb6719d05f0b45 x86_64/debug/httpd-debuginfo-2.0.53-3.3.x86_64.rpm

01f2bcf97e7759e17ac711009d433bfe i386/httpd-2.0.53-3.3.i386.rpm

65e794a48057d6d3d80f887488b4c03a i386/httpd-devel-2.0.53-3.3.i386.rpm

7f237c80786870bd9f9d300a67aa23fe i386/httpd-manual-2.0.53-3.3.i386.rpm

57895adf47af7a01ddb5e79d3258a790 i386/mod_ssl-2.0.53-3.3.i386.rpm

fcaa78659c375778eb357e88bd367004 i386/httpd-suexec-2.0.53-3.3.i386.rpm

55a427b5a760daee39eb972c9ca03c4d i386/debug/httpd-debuginfo-2.0.53-3.3.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list mailing list

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : httpd
Version : 2.0.53
Release : 3.3
Summary : Apache HTTP Server

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved