[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora 8 Update: httpd-2.2.8-1.fc8



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-1695
2008-02-15 21:15:53
--------------------------------------------------------------------------------

Name        : httpd
Product     : Fedora 8
Version     : 2.2.8
Release     : 1.fc8
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest release of httpd 2.2, which fixes a number of
minor security issues and other bugs.    A flaw was found in the mod_imagemap
module. On sites where mod_imagemap was enabled and an imagemap file was
publicly available, a cross-site scripting attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was enabled
and the status pages were publicly accessible, a cross-site scripting attack was
possible. (CVE-2007-6388)    A flaw was found in the mod_proxy_balancer module.
On sites where  mod_proxy_balancer was enabled, a cross-site scripting attack
against an authorized user was possible. (CVE-2007-6421)    A flaw was found in
the mod_proxy_balancer module. On sites where  mod_proxy_balancer was enabled,
an authorized user could send a carefully crafted request that would cause the
Apache child process handling that request to crash. This could lead to a denial
of service if using a threaded Multi-Processing Module. (CVE-2007-6422)    A
flaw was found in the mod_proxy_ftp module. On sites where  mod_proxy_ftp was
enabled and a forward proxy was configured, a  cross-site scripting attack was
possible against browsers which do not correctly derive the response character
set following the rules in RFC 2616. (CVE-2008-0005)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 28 2008 Joe Orton <jorton redhat com> 2.2.8-1.fc8
- update to 2.2.8 (#430465)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #427228 - CVE-2007-6388 apache mod_status cross-site scripting
        https://bugzilla.redhat.com/show_bug.cgi?id=427228
  [ 2 ] Bug #427229 - CVE-2007-6421 httpd mod_proxy_balancer cross-site scripting
        https://bugzilla.redhat.com/show_bug.cgi?id=427229
  [ 3 ] Bug #427739 - CVE-2008-0005 mod_proxy_ftp XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=427739
  [ 4 ] Bug #419931 - CVE-2007-5000 mod_imagemap XSS
        https://bugzilla.redhat.com/show_bug.cgi?id=419931
  [ 5 ] Bug #427230 - CVE-2007-6422 httpd mod_proxy_balancer crash
        https://bugzilla.redhat.com/show_bug.cgi?id=427230
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update httpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]