Описание
ELSA-2014-0369: httpd security update (MODERATE)
[2.2.3-85.0.1.el5_10]
- fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387]
- replace index.html with Oracle's index page oracle_index.html
- update vstring and distro in specfile
[2.2.3-85]
- mod_log_config: add security fix for CVE-2014-0098 (#1078176)
[2.2.3-84]
- mod_dav: add security fix for CVE-2013-6438 (#1078176)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
httpd
2.2.3-85.0.1.el5_10
httpd-devel
2.2.3-85.0.1.el5_10
httpd-manual
2.2.3-85.0.1.el5_10
mod_ssl
2.2.3-85.0.1.el5_10
Oracle Linux x86_64
httpd
2.2.3-85.0.1.el5_10
httpd-devel
2.2.3-85.0.1.el5_10
httpd-manual
2.2.3-85.0.1.el5_10
mod_ssl
2.2.3-85.0.1.el5_10
Oracle Linux i386
httpd
2.2.3-85.0.1.el5_10
httpd-devel
2.2.3-85.0.1.el5_10
httpd-manual
2.2.3-85.0.1.el5_10
mod_ssl
2.2.3-85.0.1.el5_10
Связанные CVE
Связанные уязвимости
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.