Fedora Core 5 Update: httpd-2.2.2-1.2
Summary
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one
security problem in the LDAP scheme handling of the
mod_rewrite module. Where RewriteEngine was enabled, and for
certain RewriteRules, this could lead to a pointer being
written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack
layout for a particular compiled version of mod_rewrite.
The Fedora project has analyzed Fedora Core 4 and 5 binaries
and determined that these distributions are vulnerable to
this issue. However, this flaw does not affect a default
installation of Fedora Core; users who do not use, or have
not enabled, the Rewrite module are not affected by this
issue.
- add mod_rewrite security fix (CVE-2006-3747)
* Wed Jul 19 2006 Joe Orton 2.2.2-1.1
- fix segfault on dummy connection failure at graceful restart (#199429)
* Thu May 11 2006 Joe Orton 2.2.2-1.0
- update to 2.2.2
* Thu Apr 6 2006 Joe Orton 2.2.0-5.2
- fix LDAP issues on 64-bit platforms (#188073)
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
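One way to check the two conditions the advisory names (an httpd build older than 2.2.2-1.2, and the Rewrite module loaded with RewriteEngine enabled), given as an added example that is not part of the Fedora advisory. The function names and the directories passed in are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the advisory): triage one host for CVE-2006-3747.
# Function names and the paths passed in are assumptions of this sketch.

FIXED_EVR="2.2.2-1.2"   # fixed httpd build named in this advisory

# True when version-release $1 sorts at or above the fixed build.
# sort -V (GNU coreutils) approximates RPM version ordering; it ignores epochs.
is_fixed_build() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Print every active directive found in *.conf and .htaccess files under the
# given directories: leading whitespace, comment lines and blanks are stripped.
active_directives() {
    find "$@" -type f \( -name '*.conf' -o -name '.htaccess' \) \
        -exec cat {} + 2>/dev/null |
        sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d'
}

# Report whether the configuration meets the advisory's precondition:
# mod_rewrite loaded and RewriteEngine switched on somewhere.
rewrite_exposure() {
    directives=$(active_directives "$@")
    if ! printf '%s\n' "$directives" |
        grep -Eiq '^LoadModule[[:space:]]+rewrite_module[[:space:]]'; then
        echo "not-affected: rewrite_module is not loaded"
    elif ! printf '%s\n' "$directives" |
        grep -Eiq '^RewriteEngine[[:space:]]+on([[:space:]]|$)'; then
        echo "not-affected: RewriteEngine is never enabled"
    else
        rules=$(printf '%s\n' "$directives" | grep -Eic '^RewriteRule[[:space:]]' || true)
        echo "update-now: RewriteEngine on, $rules RewriteRule line(s)"
    fi
}

# triage VERSION-RELEASE DIR...   (config root plus any document roots)
triage() {
    evr=$1; shift
    if is_fixed_build "$evr"; then echo "patched: httpd $evr"; else rewrite_exposure "$@"; fi
}

# On a real host: sh triage.sh "$(rpm -q --qf '%{VERSION}-%{RELEASE}' httpd)" /etc/httpd /var/www
if [ "$#" -ge 2 ]; then triage "$@"; fi
```

The scan reads only files named `*.conf` and `.htaccess`, so adjust the patterns if the server uses other Include globs or a different AccessFileName.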
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2006-863 2006-07-28
Name : httpd
Version : 2.2.2
Release : 1.2
Summary : Apache HTTP Server