This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release:
For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33
| submitted | a year ago |
| in testing | a year ago |
| modified | a year ago |
| 0 | 0 | #1560174 httpd-2.4.33 is available |
| 0 | 0 | #1560396 CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all] |
| 0 | 0 | #1560400 CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all] |
| 0 | 0 | #1560616 CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all] |
| 0 | 0 | #1560618 CVE-2017-15715 httpd: <filesmatch> bypass with a trailing newline in the file name [fedora-all]</filesmatch> |
| 0 | 0 | #1560635 CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all] |
| 0 | 0 | #1560644 CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all] |
| 0 | 0 | Test Case HTTPd |
jorton
This update has been submitted for testing by jorton.
jorton edited this update.
This update has been pushed to testing.
This will cause all existing deployments to fail to start: https://bugzilla.redhat.com/show_bug.cgi?id=1562413
adamwill edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by adamwill.
thank you
This update has been pushed to testing.
works
Works
This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
works for me in a VM
This update has been obsoleted by httpd-2.4.33-4.fc26.