httpd 보안 업데이트
업데이트 : 2014.07.30
이름 : httpd-1:2.2.27-2.an2
벤더 : AnNyung Packaging Team
설명 :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Building option:
--with cent4 : if build on cent4
변경사항
- security issues:
. CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate
module in the Apache HTTP Server before 2.4.10, when request body
decompression is enabled, allows remote attackers to cause a denial
of service (resource consumption) via crafted request data that
decompresses to a much larger size.
. CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server
before 2.4.10 allows remote attackers to cause a denial of service
(heap-based buffer overflow), or possibly obtain sensitive credential
information or execute arbitrary code, via a crafted request that
triggers improper scoreboard handling within the status_handler
function in modules/generators/mod_status.c and the
lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
. CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not
have a timeout mechanism, which allows remote attackers to cause a
denial of service (process hang) via a request to a CGI script that
does not read from its stdin file descriptor.
업데이트 패키지
SRPMS:
. httpd-2.2.27-2.an2.src.rpm
x86_64:
. httpd-ssl-2.2.27-2.an2.x86_64.rpm
. httpd-devel-2.2.27-2.an2.x86_64.rpm
. httpd-2.2.27-2.an2.x86_64.rpm
. httpd-tools-2.2.27-2.an2.x86_64.rpm
. httpd-manual-2.2.27-2.an2.x86_64.rpm
i686:
. httpd-2.2.27-2.an2.i686.rpm
. httpd-manual-2.2.27-2.an2.i686.rpm
. httpd-ssl-2.2.27-2.an2.i686.rpm
. httpd-devel-2.2.27-2.an2.i686.rpm
. httpd-tools-2.2.27-2.an2.i686.rpm
|