Fedora Core 4 Update: httpd-2.0.54-10.4
Summary
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one
security problem in the LDAP scheme handling of the
mod_rewrite module. Where RewriteEngine was enabled, and for
certain RewriteRules, this could lead to a pointer being
written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack
layout for a particular compiled version of mod_rewrite.

The Fedora project has analyzed Fedora Core 4 and 5 binaries
and determined that these distributions are vulnerable to
this issue. However, this flaw does not affect a default
installation of Fedora Core; users who do not use, or have
not enabled, the Rewrite module are not affected by this
issue.

- add mod_rewrite security fix (CVE-2006-3747)
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
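
A host triage check for the condition this advisory describes, added here as an example and not part of the Fedora announcement: it reports whether a host is below the fixed Fedora Core 4 build and has the rewrite engine switched on. The function names, verdict strings and sample configs are constructed; it assumes GNU `sort -V`, mod_rewrite loaded as a DSO, and does not follow Include directives or .htaccess files.

```shell
#!/bin/sh
# Added example: triage a host for the exposure condition in this advisory.
FIXED="2.0.54-10.4"   # fixed Fedora Core 4 build named in the advisory

# True if any given config file loads mod_rewrite on an uncommented line.
rewrite_loaded() {
    grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+rewrite_module[[:space:]]' "$@"
}

# True if any given config file switches the rewrite engine on.
rewrite_engine_on() {
    grep -Eiq '^[[:space:]]*RewriteEngine[[:space:]]+on[[:space:]]*$' "$@"
}

# True if version-release $1 sorts at or above the fixed build.
# Only meaningful within the Fedora Core 4 httpd package stream.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Print one verdict for an installed version-release ($1) and config files.
triage() {
    ver="$1"; shift
    if is_fixed "$ver"; then
        echo "patched"
    elif rewrite_loaded "$@" && rewrite_engine_on "$@"; then
        echo "unpatched-rewrite-on"   # advisory's precondition met (rule-dependent)
    else
        echo "unpatched-rewrite-off"  # precondition not met, still needs the update
    fi
}

# Constructed sample configs (hypothetical, not taken from the advisory).
SAMPLES=$(mktemp -d)
printf '%s\n' 'LoadModule rewrite_module modules/mod_rewrite.so' \
    '#RewriteEngine on' > "$SAMPLES/default.conf"
printf '%s\n' 'LoadModule rewrite_module modules/mod_rewrite.so' \
    '  rewriteengine On' 'RewriteRule ^/old/(.*)$ /new/$1' > "$SAMPLES/site.conf"

triage 2.0.54-10.3 "$SAMPLES/default.conf"   # unpatched-rewrite-off
triage 2.0.54-10.3 "$SAMPLES/site.conf"      # unpatched-rewrite-on
triage 2.0.54-10.4 "$SAMPLES/site.conf"      # patched
```

On a real host, pass the output of `rpm -q --qf '%{VERSION}-%{RELEASE}' httpd` as the first argument and the httpd configuration files as the remaining arguments.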
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2006-862
2006-07-28

Name        : httpd
Version     : 2.0.54
Release     : 10.4
Summary     : Apache HTTP Server