Описание
ELSA-2013-0130: httpd security, bug fix, and enhancement update (LOW)
[2.2.3-74.0.1.el5]
- fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387]
- replace index.html with Oracle's index page oracle_index.html
- update vstring and distro in specfile
[2.2.3-74]
- further %post scriptlet fix (#752618, #867736)
[2.2.3-73]
- fix %post scriptlet output (#752618, #867736)
[2.2.3-72]
- add security fix for CVE-2008-0456
[2.2.3-71]
- add security fix for CVE-2012-2687 (#850794)
[2.2.3-70]
- relax checks for status-line validity (#853128)
[2.2.3-69]
- mod_cache: fix header merging for 304 case, thanks to Roy Badami (#845532)
- correct CVE reference in old changelog entry (#849160)
[2.2.3-68]
- mod_ssl: add _userID DN variable suffix for NID_userId (#840036)
- fix handling of long chunk-line (#840845)
- omit %posttrans daemon restart if /etc/sysconfig/httpd-disable-posttrans exists (#833042)
[2.2.3-67]
- add server aliases to 'httpd -S' output (#833043)
- LSB compliance fixes for init script (#783242)
- mod_ldap: add LDAPReferrals directive alias (#727342)
[2.2.3-66]
- check if localhost.key is valid (#752618)
- mod_proxy_ajp: honour ProxyErrorOverride (#767890)
- mod_ssl: fixed start with FIPS 140-2 mode enabled (#773473)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
httpd
2.2.3-74.0.1.el5
httpd-devel
2.2.3-74.0.1.el5
httpd-manual
2.2.3-74.0.1.el5
mod_ssl
2.2.3-74.0.1.el5
Oracle Linux x86_64
httpd
2.2.3-74.0.1.el5
httpd-devel
2.2.3-74.0.1.el5
httpd-manual
2.2.3-74.0.1.el5
mod_ssl
2.2.3-74.0.1.el5
Oracle Linux i386
httpd
2.2.3-74.0.1.el5
httpd-devel
2.2.3-74.0.1.el5
httpd-manual
2.2.3-74.0.1.el5
mod_ssl
2.2.3-74.0.1.el5
Связанные CVE
Связанные уязвимости
ELSA-2013-0512: httpd security, bug fix, and enhancement update (LOW)
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...