[SECURITY] Fedora Core 4 Update: httpd-2.0.54-10.4

Joseph Orton jorton at redhat.com
Fri Jul 28 15:45:26 UTC 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-862
2006-07-28
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : httpd
Version     : 2.0.54
Release     : 10.4
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the
most popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

This update fixes a security issue in the mod_rewrite module.

Mark Dowd of McAfee Avert Labs reported an off-by-one
security problem in the LDAP scheme handling of the
mod_rewrite module. Where RewriteEngine was enabled, and for
certain RewriteRules, this could lead to a pointer being
written out of bounds. (CVE-2006-3747)

The ability to exploit this issue is dependent on the stack
layout for a particular compiled version of mod_rewrite.
The Fedora project has analyzed Fedora Core 4 and 5 binaries
and determined that these distributions are vulnerable to
this issue. However, this flaw does not affect a default
installation of Fedora Core; users who do not use, or have
not enabled, the Rewrite module are not affected by this
issue.
---------------------------------------------------------------------
* Wed Jul 26 2006 Joe Orton <jorton at redhat.com> 2.0.54-10.4
- add mod_rewrite security fix (CVE-2006-3747)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
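
Added example, not part of the original advisory or of Fedora's tooling: a small
triage helper for the conditions given under "Update Information" (package older
than 2.0.54-10.4, mod_rewrite loaded, and RewriteEngine switched on). The function
names, the status strings and the sample configuration are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a host against the conditions in the advisory text.
FIXED_EVR="2.0.54-10.4"   # fixed Fedora Core 4 build named in the advisory

# Exit 0 if version-release $1 is at or above FIXED_EVR. Numeric fields only,
# an approximation of RPM version comparison (assumption of this example).
evr_is_fixed() {
    awk -v have="$1" -v want="$FIXED_EVR" 'BEGIN {
        n = split(have, h, /[.-]/); m = split(want, w, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# Exit 0 if an uncommented directive matching regex $1 exists under the paths.
has_directive() {
    pattern=$1; shift
    grep -rEiq "^[[:space:]]*${pattern}" "$@" 2>/dev/null
}

# triage EVR PATH... prints: patched | unpatched-rewrite-enabled | unpatched-rewrite-unused
triage() {
    evr=$1; shift
    if evr_is_fixed "$evr"; then echo "patched"; return 0; fi
    if has_directive 'LoadModule[[:space:]]+rewrite_module' "$@" &&
       has_directive 'RewriteEngine[[:space:]]+on[[:space:]]*$' "$@"; then
        echo "unpatched-rewrite-enabled"
    else
        echo "unpatched-rewrite-unused"
    fi
}

# Constructed sample configuration (not taken from a real host).
# On a real system: triage "$(rpm -q --qf '%{VERSION}-%{RELEASE}' httpd)" \
#     /etc/httpd/conf /etc/httpd/conf.d <document roots, for .htaccess files>
demo_dir=$(mktemp -d)
printf '%s\n' 'LoadModule rewrite_module modules/mod_rewrite.so' \
    '# RewriteEngine on' > "$demo_dir/httpd.conf"
printf '%s\n' '<VirtualHost *:80>' '  RewriteEngine On' '</VirtualHost>' \
    > "$demo_dir/vhost.conf"
triage 2.0.54-10.3 "$demo_dir"   # prints: unpatched-rewrite-enabled
triage 2.0.54-10.4 "$demo_dir"   # prints: patched
rm -rf "$demo_dir"
```

The advisory limits the flaw to "certain RewriteRules" without naming them, so the
helper treats any enabled rewrite engine on an unpatched package as needing the update.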