FEDORA-2017-9ded7c5670

security update in Fedora 25 for httpd

Status: stable 2 years ago

File /etc/sysconfig/httpd is ghosted now


Version update


Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679

How to install

sudo dnf upgrade --advisory=FEDORA-2017-9ded7c5670

Comments 8

This update has been submitted for testing by luhliarik.

This update has obsoleted httpd-2.4.27-1.fc25, and has inherited its bugs and notes.

This update has been pushed to testing.

works for me

karma: +1

works for me in a VM

karma: +1

no regressions noted

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1463194 CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
#1463197 CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
#1463199 CVE-2017-7659 httpd: mod_http2 NULL pointer dereference
#1463205 CVE-2017-7668 httpd: ap_find_token() buffer overread
#1463207 CVE-2017-7679 httpd: mod_mime buffer overread
#1463208 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 httpd: various flaws [fedora-all]
#1469103 httpd-2.4.27 is available
#1469959 httpd update cleaned out /etc/sysconfig
Test Case HTTPd
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 8

00 #1463194 CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
00 #1463197 CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
00 #1463199 CVE-2017-7659 httpd: mod_http2 NULL pointer dereference
00 #1463205 CVE-2017-7668 httpd: ap_find_token() buffer overread
00 #1463207 CVE-2017-7679 httpd: mod_mime buffer overread
00 #1463208 CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 httpd: various flaws [fedora-all]
00 #1469103 httpd-2.4.27 is available
00 #1469959 httpd update cleaned out /etc/sysconfig

Automated Test Results

Test Cases

00 Test Case HTTPd