exploitDog

ELSA-2015-1666

Published: 04 Feb 2016
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2015-1666: httpd24-httpd security update (MODERATE)

[2.4.12-6.0.1.el7.1]

  • replace index.html with Oracle's index page oracle_index.html
  • update vstring in specfile

[2.4.12-6.1]

  • core: fix chunk header parsing defect (CVE-2015-3183)
  • core: replace of ap_some_auth_required with ap_some_authn_required and ap_force_authn hook (CVE-2015-3185)
  • core: fix pointer dereference crash with ErrorDocument 400 pointing to a local URL-path (CVE-2015-0253)
  • mod_lua: fix possible mod_lua crash due to websocket bug (CVE-2015-0228)

[2.4.12-6]

  • remove old sslsninotreq patch (#1199040)

[2.4.12-5]

  • fix wrong path to document root in httpd.conf (#1196559)

[2.4.12-4]

  • fix SELinux context of httpd-scl-wrapper (#1193456)

[2.4.12-3]

  • include apr_skiplist and build against system APR/APR-util (#1187646)

[2.4.12-2]

  • rebuild against new APR/APR-util (#1187646)

[2.4.12-1]

  • update to version 2.4.12
  • fix possible crash in SIGINT handling (#1184034)

[2.4.10-2]

  • allow enabling additional SCLs using service-environment file
  • enable mod_request by default for mod_auth_form
  • move disabled-by-default modules from 00-base.conf to 00-optional.conf

[2.4.10-1]

  • update to 2.4.10
  • remove mod_proxy_html obsolete (#1174790)
  • remove dbmmanage from httpd-tools (#1151375)
  • add slash before root_libexecdir macro (#1149076)
  • ab: fix integer overflow when printing stats with lot of requests (#1091650)
  • mod_ssl: use 2048-bit RSA key with SHA-256 signature in dummy certificate (#1079925)

Updated packages

Oracle Linux 7

Oracle Linux x86_64

httpd24-httpd

2.4.12-6.0.1.el7.1

httpd24-httpd-devel

2.4.12-6.0.1.el7.1

httpd24-httpd-manual

2.4.12-6.0.1.el7.1

httpd24-httpd-tools

2.4.12-6.0.1.el7.1

httpd24-mod_ldap

2.4.12-6.0.1.el7.1

httpd24-mod_proxy_html

2.4.12-6.0.1.el7.1

httpd24-mod_session

2.4.12-6.0.1.el7.1

httpd24-mod_ssl

2.4.12-6.0.1.el7.1

Related vulnerabilities

ubuntu
more than 10 years ago

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

redhat
more than 10 years ago

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

nvd
more than 10 years ago

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

debian
more than 10 years ago

The lua_websocket_read function in lua_request.c in the mod_lua module ...

oracle-oval
about 10 years ago

ELSA-2015-1667: httpd security update (MODERATE)