---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-862
2006-07-28
---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : httpd
Version     : 2.0.54
Release     : 10.4
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server. The Apache HTTP Server is also the most
popular Web server on the Internet.

---------------------------------------------------------------------
Update Information:

This update fixes a security issue in the mod_rewrite module.
Mark Dowd of McAfee Avert Labs reported an off-by-one security problem in the LDAP scheme handling of the mod_rewrite module. Where RewriteEngine was enabled, and for certain RewriteRules, this could lead to a pointer being written out of bounds. (CVE-2006-3747)
The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. The Fedora project has analyzed Fedora Core 4 and 5 binaries and determined that these distributions are vulnerable to this issue. However, this flaw does not affect a default installation of Fedora Core; users who do not use, or have not enabled, the Rewrite module are not affected by this issue.

---------------------------------------------------------------------
* Wed Jul 26 2006 Joe Orton jorton@redhat.com 2.0.54-10.4
- add mod_rewrite security fix (CVE-2006-3747)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
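
The update information above limits exposure to hosts where the rewrite module is loaded and RewriteEngine is enabled. The shell function below is an added example, not part of the Fedora notification: it triages httpd configuration text for those two conditions. The function names, verdict strings and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether httpd configuration
# text meets the two preconditions named above. Reads config on stdin.
# Verdicts (names are this example's own):
#   exposed      rewrite_module loaded and RewriteEngine on
#   loaded-only  module loaded, engine not enabled in the text given
#                (a .htaccess file can still enable it, so check those too)
#   not-loaded   no active LoadModule line for rewrite_module
rewrite_exposure() {
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # strip CR and indentation
        /^#/ || /^$/ { next }                    # comments, blank lines
        tolower($1) == "loadmodule" && $2 == "rewrite_module" { loaded = 1 }
        tolower($1) == "rewriteengine" && tolower($2) == "on" { engine = 1 }
        END {
            if (loaded && engine) print "exposed"
            else if (loaded)      print "loaded-only"
            else                  print "not-loaded"
        }'
}

# Constructed sample configuration, for demonstration only.
sample_conf() {
    cat <<'EOF'
LoadModule rewrite_module modules/mod_rewrite.so
# RewriteEngine off
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^/old/(.*)$ /new/$1 [R]
</VirtualHost>
EOF
}

sample_conf | rewrite_exposure
```

On an installed system, pipe the server's main configuration file and every file it includes into `rewrite_exposure`, and compare the output of `rpm -q httpd` with the fixed build 2.0.54-10.4.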