You are here
Home > Preporuke > Ranjivosti programskog paketa httpd

Ranjivosti programskog paketa httpd

——————————————————————————–
Fedora Update Notification
FEDORA-2014-8742
2014-07-24 02:40:48
——————————————————————————–

Name : httpd
Product : Fedora 20
Version : 2.4.10
Release : 1.fc20
URL : http://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

——————————————————————————–
Update Information:

This update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10.

——————————————————————————–
ChangeLog:

* Mon Jul 21 2014 Joe Orton <jorton@redhat.com> – 2.4.10-1
– update to 2.4.10 (#1120614)
– expand variables in docdir example configs
* Fri Mar 28 2014 Jan Kaluza <jkaluza@redhat.com> – 2.4.9-2
– add support for SetHandler + proxy (#1078970)
* Thu Mar 27 2014 Jan Kaluza <jkaluza@redhat.com> – 2.4.9-1
– update to 2.4.9
* Thu Feb 20 2014 Jan Kaluza <jkaluza@redhat.com> – 2.4.7-3
– fix graceful restart using legacy actions
– Create drop directory for systemd snippets
– use 2048-bit RSA key with SHA-256 signature in dummy certificate
* Thu Dec 12 2013 Joe Orton <jorton@redhat.com> – 2.4.7-2
– conflict with pre-1.5.0 APR
– fix sslsninotreq patch
* Wed Nov 27 2013 Joe Orton <jorton@redhat.com> – 2.4.7-1
– update to 2.4.7 (#1034071)
* Fri Nov 22 2013 Joe Orton <jorton@redhat.com> – 2.4.6-10
– switch to requiring system-logos-httpd (#1031288)
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> – 2.4.6-9
– change mmnisa to drop “-” altogether
* Tue Nov 12 2013 Joe Orton <jorton@redhat.com> – 2.4.6-8
– drop ambiguous invalid “-” in RHS of httpd-mmn Provide, keeping old Provide
for transition
* Fri Nov 1 2013 Jan Kaluza <jkaluza@redhat.com> – 2.4.6-7
– systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg
——————————————————————————–
References:

[ 1 ] Bug #1120596 – CVE-2014-0231 httpd: mod_cgid denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
[ 2 ] Bug #1120599 – CVE-2014-0117 httpd: mod_proxy denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1120599
[ 3 ] Bug #1120601 – CVE-2014-0118 httpd: mod_deflate denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1120601
[ 4 ] Bug #1120603 – CVE-2014-0226 httpd: mod_status heap-based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1120603
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update httpd’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni propust programskog paketa ipython

Otkriven je sigurnosni propust programskog paketa ipython za Fedoru OS. Ustanovljeno je da je poslužitelj web sučelja IPython's Notebook podložan...

Close