[SECURITY] Fedora Core 6 Test Update: httpd-2.2.4-2.1.fc6

Joe Orton jorton at redhat.com
Thu Jun 28 01:52:29 UTC 2007


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-615
2007-06-27
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : httpd
Version     : 2.2.4
Release     : 2.1.fc6
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

---------------------------------------------------------------------
Update Information:

The Apache HTTP Server did not verify that a process was an
Apache child process before sending it signals. A local
attacker with the ability to run scripts on the Apache HTTP
Server could manipulate the scoreboard and cause arbitrary
processes to be terminated which could lead to a denial of
service (CVE-2007-3304). This issue is not exploitable on
Fedora if using the default SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status
module. On sites where the server-status page is publicly
accessible and ExtendedStatus is enabled this could lead to
a cross-site scripting attack. On Fedora the server-status
page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
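One way to follow the advice above, as an added example that is not part of the advisory or the Fedora httpd package: the exposed mod_status configuration the paragraph describes, beside a version that limits the page to the local host, in Apache httpd 2.2 configuration syntax.

```apache
# Added example, not part of the advisory. Apache httpd 2.2 mod_status
# configuration. The first block is the exposed setup the advisory warns
# about; the second keeps the page reachable only from the local host.

# Exposed: any client can fetch /server-status, and with ExtendedStatus On
# the page includes per-request details such as the request URI.
#ExtendedStatus On
#<Location /server-status>
#    SetHandler server-status
#    Order allow,deny
#    Allow from all
#</Location>

# Restricted: only loopback clients may view the page. Access control uses
# the 2.2-era mod_authz_host directives (httpd 2.4 uses "Require ip").
# Leave ExtendedStatus Off unless the extra per-request detail is needed.
ExtendedStatus Off
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Location>
```

After changing the configuration, reload httpd and confirm from a non-local host that /server-status returns 403.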

A bug was found in the Apache HTTP Server mod_cache module.
On sites where caching is enabled, a remote attacker could
send a carefully crafted request that would cause the Apache
child process handling that request to crash. This could
lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

A bug was found in the mod_mem_cache module. On sites where
caching is enabled using this module, an information leak
could occur which revealed portions of sensitive memory to
remote users. (CVE-2007-1862)
---------------------------------------------------------------------
* Tue Jun 26 2007 Joe Orton <jorton at redhat.com> 2.2.4-2.1.fc6
- add security fixes for CVE-2006-5752, CVE-2007-1862,
  CVE-2007-1863, CVE-2007-3304 (#244660)
* Fri Apr 27 2007 Joe Orton <jorton at redhat.com> 2.2.4-2.fc6
- fix loading 2.2.4 DSOs with 2.2.3 httpd (#238045)
- mark httpd.conf noreplace

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------