Fedora alert FEDORA-2007-707 (httpd)

From:
    	     
 
"Joe Orton" <jorton@redhat.com>
To:
    	     
 
fedora-package-announce@redhat.com
Subject:
    	     
 
[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6
Date:
    	     
 
Mon, 24 Sep 2007 16:29:48 -0400
Message-ID:
    	     
 
<200709242029.l8OKTm4T022913@int-mx1.corp.redhat.com>
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-707
2007-09-24
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : httpd
Version     : 2.2.6
Release     : 1.fc6
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of httpd, fixing two
security issues.

A flaw was found in the mod_proxy module. On sites where a
reverse proxy is configured, a remote attacker could send a
carefully crafted request that would cause the Apache child
process handling that request to crash. On sites where a
forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial
of service if using a threaded Multi-Processing Module.
(CVE-2007-3847)

A flaw was found in the mod_autoindex module.  On sites
where directory listings are used, and the AddDefaultCharset
directive has been removed from the configuration, a
cross-site-scripting attack may be possible against browsers
which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)
---------------------------------------------------------------------
* Tue Sep 18 2007 Joe Orton <jorton@redhat.com> 2.2.6-1.fc6
- update to 2.2.6

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/u...

f2d7130ea550e25331f14cff26066fbc9a978abd  SRPMS/httpd-2.2.6-1.fc6.src.rpm
f2d7130ea550e25331f14cff26066fbc9a978abd  noarch/httpd-2.2.6-1.fc6.src.rpm
2194fc3927adaf1b9784bcadcfeaee941a419f8b  ppc/debug/httpd-debuginfo-2.2.6-1.fc6.ppc.rpm
49f865e0fc193b89590202b5ca66a012ccc3fc4f  ppc/httpd-devel-2.2.6-1.fc6.ppc.rpm
3db0e4f54f9d9cab85243d6c134a97ce748f9688  ppc/mod_ssl-2.2.6-1.fc6.ppc.rpm
566e7527c04b7358f99f800412a669ebcb0c5438  ppc/httpd-2.2.6-1.fc6.ppc.rpm
5af15e960f40607bbe6b62f63d979278b360b4c1  ppc/httpd-manual-2.2.6-1.fc6.ppc.rpm
2b0502d4915d3fab6417963d971f484c7215b419  x86_64/debug/httpd-debuginfo-2.2.6-1.fc6.x86_64.rpm
c3f8001e0c99f8847f286d48abb76461e77bc80d  x86_64/httpd-manual-2.2.6-1.fc6.x86_64.rpm
761c0ce29a2e40191f3f1b0f0575d507c0e61b7a  x86_64/httpd-devel-2.2.6-1.fc6.x86_64.rpm
897dda6971bc3c1fa65cb61acf0f370b3c6743ad  x86_64/mod_ssl-2.2.6-1.fc6.x86_64.rpm
13224b1e1e34639fbe61778db72e36896937752c  x86_64/httpd-2.2.6-1.fc6.x86_64.rpm
ea0c36272d58058375243fd083baa4cf7cdd1410  i386/httpd-manual-2.2.6-1.fc6.i386.rpm
9309193f84872e474773559dd588f1c96fa6b72e  i386/debug/httpd-debuginfo-2.2.6-1.fc6.i386.rpm
a219ca1f181e2a0d5161423ad5226ff37770cec0  i386/httpd-devel-2.2.6-1.fc6.i386.rpm
d1cd17eeef15e89ea514d6795a408452092ae552  i386/mod_ssl-2.2.6-1.fc6.i386.rpm
f60adf43a42115b4a3c3f4ae1e65eb1fc08c5de9  i386/httpd-2.2.6-1.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...