[SECURITY] Fedora Core 2 Update: httpd-2.0.51-2.9

Jeremy Rosengren jeremy.rosengren at gmail.com
Fri Nov 12 22:08:56 UTC 2004


I'm curious, why wouldn't FC2 get 2.0.52?  Considering FC2 had 2.0.49
at release and has since been upgraded to 2.0.51, is there some
specific reason not to push 2.0.52 out to FC2 updates?

Thanks,

-- jeremy


On Fri, 12 Nov 2004 21:18:00 +0000, Joe Orton <jorton at redhat.com> wrote:
> ---------------------------------------------------------------------
> Fedora Update Notification
> FEDORA-2004-420
> 2004-11-12
> ---------------------------------------------------------------------
> 
> Product     : Fedora Core 2
> Name        : httpd
> Version     : 2.0.51
> Release     : 2.9
> Summary     : Apache HTTP Server
> Description :
> Apache is a powerful, full-featured, efficient, and freely-available
> Web server. Apache is also the most popular Web server on the
> Internet.
> 
> ---------------------------------------------------------------------
> 
> This update includes the fixes for an issue in mod_ssl which could
> lead to a bypass of an SSLCipherSuite setting in directory or location
> context (CVE CAN-2004-0885), and a memory consumption denial of
> service issue in the handling of request header lines (CVE
> CAN-2004-0942).
> 
> ---------------------------------------------------------------------
> 
> * Thu Nov 11 2004 Joe Orton <jorton at redhat.com> 2.0.51-2.9
> 
> - add fix for memory consumption DoS, CAN-2004-0942
> - mod_ssl: add fix for SSLCipherSuite bypass, CAN-2004-0885
> 
> ---------------------------------------------------------------------
> This update can be downloaded from:
>   http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
> 
> b202b93fa33a117c576f49b0b6ea8cce  SRPMS/httpd-2.0.51-2.9.src.rpm
> d44a26a035bef7f26249e1d0a7ae95b4  x86_64/httpd-2.0.51-2.9.x86_64.rpm
> 0920735cfe93100965958df44e6cca28  x86_64/httpd-devel-2.0.51-2.9.x86_64.rpm
> 50681f4ed4f3448fa1f8fd86ce41d749  x86_64/httpd-manual-2.0.51-2.9.x86_64.rpm
> 1b3230a8c205bdf96464d4ecc51bea40  x86_64/mod_ssl-2.0.51-2.9.x86_64.rpm
> fae759a29d5ac1eacfb947ec4b447994  x86_64/debug/httpd-debuginfo-2.0.51-2.9.x86_64.rpm
> d8e4ed9aafd639fdfab26e6fe3cd8c29  i386/httpd-2.0.51-2.9.i386.rpm
> cd1ab7ce0fcc375de0d6db748babc753  i386/httpd-devel-2.0.51-2.9.i386.rpm
> 341a963e8ac8aba17c18eaebc7ac27c1  i386/httpd-manual-2.0.51-2.9.i386.rpm
> f227c579f61c355c594f8e790695bcd8  i386/mod_ssl-2.0.51-2.9.i386.rpm
> dc3be7afa997f09293b82caaae505f7b  i386/debug/httpd-debuginfo-2.0.51-2.9.i386.rpm
> 
> This update can also be installed with the Update Agent; you can
> launch the Update Agent with the 'up2date' command.
> ---------------------------------------------------------------------
> 
> 
> --
> fedora-announce-list mailing list
> fedora-announce-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-announce-list
> 
> 
>




More information about the fedora-list mailing list