| |||||||||||||||||||
Fedora alert FEDORA-2013-4541 (httpd)
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-4541 2013-03-29 00:54:35 -------------------------------------------------------------------------------- Name : httpd Product : Fedora 18 Version : 2.4.4 Release : 2.fc18 URL : http://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. -------------------------------------------------------------------------------- Update Information: This update contains the latest release of the Apache HTTP Server, version 2.4.4. Two security issues are resolved in this update: * Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. (CVE-2012-3499) * An Cross-Site-Scripting attack against the mod_proxy_balancer manager interface. (CVE-2012-4558) Numerous bug fixes and minor enhancements are also included; for more information see: http://www.apache.org/dist/httpd/CHANGES_2.4.4 -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-2 - really package mod_auth_form in mod_session (#915438) * Tue Feb 26 2013 Joe Orton <jorton@redhat.com> - 2.4.4-1 - update to 2.4.4 - fix duplicate ownership of mod_session config (#914901) * Fri Feb 22 2013 Joe Orton <jorton@redhat.com> - 2.4.3-17 - add mod_session subpackage, move mod_auth_form there (#894500) * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.3-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Jan 8 2013 Joe Orton <jorton@redhat.com> - 2.4.3-15 - add systemd service for htcacheclean * Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-14 - drop patch for r1344712 * Tue Nov 13 2012 Joe Orton <jorton@redhat.com> - 2.4.3-13 - filter mod_*.so auto-provides (thanks to rcollet) - pull in syslog logging fix from upstream (r1344712) -------------------------------------------------------------------------------- References: [ 1 ] Bug #915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames https://bugzilla.redhat.com/show_bug.cgi?id=915883 [ 2 ] Bug #915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface https://bugzilla.redhat.com/show_bug.cgi?id=915884 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update httpd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-... (Log in to post comments)
|
|||||||||||||||||||