[SECURITY] Fedora Core 1 Test Update: httpd-2.0.50-1.0

Joe Orton jorton at redhat.com
Thu Jul 1 19:48:46 UTC 2004 

Please add any feedback from testing these packages to
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127088

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-203
2004-07-01
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : httpd
Version     : 2.0.50                      
Release     : 1.0                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Apache httpd 2.0,
including security fixes for a remotely triggerable memory leak 
(CVE CAN-2004-0493), and a buffer overflow in mod_ssl which can be
triggered only by a (trusted) client certificate with a long subject
DN field (CVE CAN-2004-0488).

---------------------------------------------------------------------
* Thu Jul 01 2004 Joe Orton <jorton at redhat.com> 2.0.50-1.0

- update to 2.0.50 (CVE CAN-2004-0488, CAN-2004-0493, #126864, #125047)
- mod_autoindex: don't truncate output on stat() failure (#126930)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/

861c7980a2b2ed152e5628917bdefe9e  SRPMS/httpd-2.0.50-1.0.src.rpm
92c5ca1aaef650cf03b24b78699ce7cb  x86_64/httpd-2.0.50-1.0.x86_64.rpm
f9395f4dd177e35b9ba29dc5b92b2580  x86_64/httpd-devel-2.0.50-1.0.x86_64.rpm
3d10f37b6cf2a2a094073f75771c07bc  x86_64/httpd-manual-2.0.50-1.0.x86_64.rpm
f519f3f16d0b5eb57596bcc10f8cc755  x86_64/mod_ssl-2.0.50-1.0.x86_64.rpm
d983358412e787b7820917397a37c01a  x86_64/debug/httpd-debuginfo-2.0.50-1.0.x86_64.rpm
03d5df7da18760f36da3559dbc541bbc  i386/httpd-2.0.50-1.0.i386.rpm
950de3380e9f9b100a059f04711f2483  i386/httpd-devel-2.0.50-1.0.i386.rpm
e5e053b6fcd794c4d47552c388060d27  i386/httpd-manual-2.0.50-1.0.i386.rpm
e5a9f5027154700235c2759237aa4cea  i386/mod_ssl-2.0.50-1.0.i386.rpm
f52d9c9ff63d09bcc1bc2ea2161b3f7d  i386/debug/httpd-debuginfo-2.0.50-1.0.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may 
need to edit your up2date channels configuration.  Within 
/etc/sysconfig/rhn/sources enable the following line: 
yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1
---------------------------------------------------------------------

More information about the fedora-test-list mailing list