Fedora Legacy Test Update Notification: httpd

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Oct 3 03:58:09 UTC 2004


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2068
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2068
2004-10-02
---------------------------------------------------------------------

Name        : httpd
Versions    : 9: 2.0.40-21.15.legacy, fc1: httpd-2.0.51-1.3.legacy
Summary     : The httpd Web server
Description : 
This package contains a powerful, full-featured, efficient, and
freely-available Web server based on work done by the Apache Software
Foundation. It is also the most popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

Problems that apply to Red Hat Linux 9 only:

A stack buffer overflow was discovered in mod_ssl that could be triggered
if using the FakeBasicAuth option. If mod_ssl was sent a client certificate
with a subject DN field longer than 6000 characters, a stack overflow
occurred if FakeBasicAuth had been enabled. In order to exploit this issue
the carefully crafted malicious certificate would have had to be signed by
a Certificate Authority which mod_ssl is configured to trust. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0488 to this issue.

A remotely triggered memory leak in the Apache HTTP Server earlier than
version 2.0.50 was also discovered. This allowed a remote attacker to
perform a denial of service attack against the server by forcing it to
consume large amounts of memory. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0493 to this issue.

Problems that apply to Fedora Core 1 only:

Testing using the Codenomicon HTTP Test Tool performed by the Apache
Software Foundation security group and Red Hat uncovered an input
validation issue in the IPv6 URI parsing routines in the apr-util library.
If a remote attacker sent a request including a carefully crafted URI, an
httpd child process could be made to crash. This issue is not believed to
allow arbitrary code execution on Red Hat Enterprise Linux. This issue
also does not represent a significant denial of service attack as requests
will continue to be handled by other Apache child processes. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0786 to this issue.

An input filter bug in mod_ssl was discovered in Apache httpd version
2.0.50 and earlier. A remote attacker could force an SSL connection to be
aborted in a particular state and cause an Apache child process to enter an
infinite loop, consuming CPU resources. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0748 to
this issue.

Note that these packages do also contain the fix for a regression in
Satisfy handling in the 2.0.51 release (CAN-2004-0811).

Problems that apply to both Red Hat Linux 9 and Fedora Core 1:

The Swedish IT Incident Centre (SITIC) reported a buffer overflow in the
expansion of environment variables during configuration file parsing. This
issue could allow a local user to gain 'apache' privileges if an httpd
process can be forced to parse a carefully crafted .htaccess file written
by a local user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0747 to this issue.

An issue was discovered in the mod_ssl module which could be triggered if
the server is configured to allow proxying to a remote SSL server. A
malicious remote SSL server could force an httpd child process to crash by
sending a carefully crafted response header. This issue is not believed to
allow execution of arbitrary code. This issue also does not represent a
significant Denial of Service attack as requests will continue to be
handled by other Apache child processes. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0751 to
this issue.

An issue was discovered in the mod_dav module which could be triggered for
a location where WebDAV authoring access has been configured. A malicious
remote client which is authorized to use the LOCK method could force an
httpd child process to crash by sending a particular sequence of LOCK
requests. This issue does not allow execution of arbitrary code. This
issue also does not represent a significant Denial of Service attack as
requests will continue to be handled by other Apache child processes. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0809 to this issue.
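
Several of the issues above depend on a specific feature being switched on
(FakeBasicAuth, proxying to a remote SSL server, WebDAV authoring, .htaccess
parsing). The following is an added triage example, not part of the original
advisory or of any Fedora Legacy tooling: it scans httpd configuration text
for directives that enable those preconditions. The directive-to-advisory
mapping and the sample configuration are assumptions of this example; it
reads only explicit directives and does not follow Include lines or model
compiled-in defaults.

```python
# Added example: which advisory preconditions does this httpd config enable?
# CVE names come from the advisory; the directive mapping is an assumption.

SAMPLE_CONF = """\
# constructed sample configuration, not taken from the advisory
<VirtualHost _default_:443>
    SSLEngine on
    SSLOptions +StdEnvVars -FakeBasicAuth
    SSLProxyEngine on
</VirtualHost>
<Directory "/var/www/html/private">
    SSLOptions +FakeBasicAuth +StrictRequire
    AllowOverride None
</Directory>
<Location /authoring>
    Dav On
</Location>
"""

def _enabled_options(args):
    """SSLOptions names switched on by one directive ('-Name' disables)."""
    return {a.lstrip("+").lower() for a in args if not a.startswith("-")}

def exposed_preconditions(conf_text):
    """Map each advisory name to the config line numbers enabling it."""
    hits = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]   # directives ignore case
        cve = None
        if name == "ssloptions" and "fakebasicauth" in _enabled_options(args):
            cve = "CAN-2004-0488"                  # Red Hat Linux 9 only
        elif name == "sslproxyengine" and args and args[0].lower() == "on":
            cve = "CAN-2004-0751"                  # proxying to remote SSL
        elif name == "dav" and args and args[0].lower() != "off":
            cve = "CAN-2004-0809"                  # WebDAV authoring (LOCK)
        elif name == "allowoverride" and args and args[0].lower() != "none":
            cve = "CAN-2004-0747"                  # .htaccess files are parsed
        if cve:
            hits.setdefault(cve, []).append(lineno)
    return hits

if __name__ == "__main__":
    for cve, lines in sorted(exposed_preconditions(SAMPLE_CONF).items()):
        print(cve, "precondition enabled at line(s)", lines)
```

A hit means only that the feature is enabled; whether the host is still
affected depends on the installed package version.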

---------------------------------------------------------------------
9 changelog:

* Sat Oct 02 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.40-21.15.legacy
- added missing autoconf, libtool, zlib-devel, gdbm-devel BuildPrereq

* Thu Sep 16 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.40-21.14.legacy
- add security fixes for CVE CAN-2004-0747, CAN-2004-0751, CAN-2004-0809

* Fri Jul 02 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.40-21.13.legacy
- add security fix for CVE CAN-2004-0493

* Wed Jun 02 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.40-21.12.legacy
- add security fix for CVE CAN-2004-0488

fc1 changelog:

* Sat Oct 02 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.51-1.3.legacy
- added missing autoconf, libtool, zlib-devel, gdbm-devel BuildPrereq

* Fri Sep 24 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.0.51-1.2.legacy
- fix 2.0.51 regression in Satisfy merging (CAN-2004-0811)
- ap_rgetline_core fix from Rici Lake

* Wed Sep 15 2004 Joe Orton <jorton at redhat.com> 2.0.51-1.1
- update to 2.0.51, including security fixes for:
 * core: CAN-2004-0747
 * mod_dav_fs: CAN-2004-0809
 * mod_ssl: CAN-2004-0751, CAN-2004-0748

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

61997e8996a1b23033ae454de71a9e91b055d1a8  redhat/9/updates-testing/i386/httpd-2.0.40-21.15.legacy.i386.rpm
cf9f084087b218e92a0bfab70b3a609ab1d5000e  redhat/9/updates-testing/i386/httpd-devel-2.0.40-21.15.legacy.i386.rpm
d066d847375e027c357b4d5d63da29e1b586c4eb  redhat/9/updates-testing/i386/httpd-manual-2.0.40-21.15.legacy.i386.rpm
8f33bda286bf7ffd5bf3d50a7a31a0e90fa5b9ee  redhat/9/updates-testing/i386/mod_ssl-2.0.40-21.15.legacy.i386.rpm
5937d27e764a0175af86f7e9932a8eca2c959641  redhat/9/updates-testing/SRPMS/httpd-2.0.40-21.15.legacy.src.rpm
facbb28a24a911ab3cfadc94a1ce13b50b15ceff  fedora/1/updates-testing/i386/httpd-2.0.51-1.3.legacy.i386.rpm
9738f329a9e5648a3cde3f6a91573d56d29ffd44  fedora/1/updates-testing/i386/httpd-devel-2.0.51-1.3.legacy.i386.rpm
ec6918ffb15517a85de6447e2b272a9d1afc3fd3  fedora/1/updates-testing/i386/httpd-manual-2.0.51-1.3.legacy.i386.rpm
777911d1c311c84e0df4aa4589a47a327c63b125  fedora/1/updates-testing/i386/mod_ssl-2.0.51-1.3.legacy.i386.rpm
6e224a7fcca8e6fc383022dcc092b930352b4e1c  fedora/1/updates-testing/SRPMS/httpd-2.0.51-1.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
