Description
ELSA-2014-1972: httpd24-httpd security and bug fix update (LOW)
[2.4.6-22.0.1.el6]
- remove enable-tlsv1x-thunks to fit openssl 1.x api
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
[2.4.6-22]
- Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected (CVE-2014-3583)
[2.4.6-21]
- mod_proxy_wstunnel: Fix the use of SSL with the 'wss:' scheme (#1141950)
[2.4.6-20]
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
- mod_proxy_fcgi: fix heap-based buffer overflow (CVE-2014-3583)
[2.4.6-19]
- mod_cgid: add security fix for CVE-2014-0231
- mod_proxy: add security fix for CVE-2014-0117
- mod_deflate: add security fix for CVE-2014-0118
- mod_status: add security fix for CVE-2014-0226
- mod_cache: add security fix for CVE-2013-4352
Updated packages
Oracle Linux 6
Oracle Linux x86_64
- httpd24-httpd 2.4.6-22.0.1.el6
- httpd24-httpd-devel 2.4.6-22.0.1.el6
- httpd24-httpd-manual 2.4.6-22.0.1.el6
- httpd24-httpd-tools 2.4.6-22.0.1.el6
- httpd24-mod_ldap 2.4.6-22.0.1.el6
- httpd24-mod_proxy_html 2.4.6-22.0.1.el6
- httpd24-mod_session 2.4.6-22.0.1.el6
- httpd24-mod_ssl 2.4.6-22.0.1.el6
Related CVEs
Related vulnerabilities
ELSA-2015-0325: httpd security, bug fix, and enhancement update (LOW)
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.