[SECURITY] Fedora Core 1 Test Update: httpd-2.0.49-1.1

Joe Orton jorton at redhat.com
Mon May 10 20:05:32 UTC 2004 

---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-117
2004-05-10
---------------------------------------------------------------------

Name        : httpd
Version     : 2.0.49                      
Release     : 1.1                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Apache httpd 2.0,
including a security fix for a memory leak in mod_ssl which can be
triggered remotely (CVE CAN-2004-0113), and a fix for escaping of error
log output (CVE CAN-2003-0020).

This update also includes an enhanced version of the mod_cgi module
which fixes a long-standing bug in the handling of stderr output
during CGI script execution.

Please add any feedback from testing to the tracker bug report:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=118798

---------------------------------------------------------------------

* Fri May 07 2004 Joe Orton <jorton at redhat.com> 2.0.49-1.1

- fix 2.0.48's httpd loading 2.0.49's mod_expires.so

* Fri May 07 2004 Joe Orton <jorton at redhat.com> 2.0.49-1.0

- update to 2.0.49 (thanks to Robert Scheck, #118798)
- make "noindex" page valid XHTML 1.1 (Pascal Volk, #122020)
- restore /etc/httpd/build/libtool symlink (#113720)
- mod_cgi: backport fixes for stderr handling (upstream #22030)
- mod_dav: misc improvements
- add rgetline NUL-termination fixes (Tsurutani Naoki, upstream #28376)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/

25e131342d7ba91193a2060939561457  SRPMS/httpd-2.0.49-1.1.src.rpm
c53041217a267836c99f5b17661a91a9  i386/httpd-2.0.49-1.1.i386.rpm
e39588a069962b6a95b1e06401630cbe  i386/httpd-devel-2.0.49-1.1.i386.rpm
450a0cd7d9b9f442583787cbc9faf630  i386/httpd-manual-2.0.49-1.1.i386.rpm
c85fbce55cc6e449d69b0d9053722b4f  i386/mod_ssl-2.0.49-1.1.i386.rpm
b7e7f8d0d1340ed944fc0f2bff22cd1d  i386/debug/httpd-debuginfo-2.0.49-1.1.i386.rpm
43a453f81e7185da6eab0681a094ea48  x86_64/httpd-2.0.49-1.1.x86_64.rpm
6aebe6ef460860e1fa1d40bee8540876  x86_64/httpd-devel-2.0.49-1.1.x86_64.rpm
a07409a4220d7cb0e25fa17b9f0a5cfb  x86_64/httpd-manual-2.0.49-1.1.x86_64.rpm
d798f8673e1b4eca5ed149fc58d87838  x86_64/mod_ssl-2.0.49-1.1.x86_64.rpm
fd7947c0fa75feaae33085f33fc548fb  x86_64/debug/httpd-debuginfo-2.0.49-1.1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may 
need to edit your up2date channels configuration.  Within 
/etc/sysconfig/rhn/sources enable the following line: 
yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1
---------------------------------------------------------------------

More information about the fedora-test-list mailing list