httpd-2.4.33-2.fc26
FEDORA-2018-22b25bab31 created by jorton 3 years ago for Fedora 26
obsolete

This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release:

  • Low: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
  • Low: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301)
  • Low: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
  • Low: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
  • Low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
  • Moderate: Tampering of mod_session data for CGI applications (CVE-2018-1283)

For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33

This update has been submitted for testing by jorton.

3 years ago

jorton edited this update.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon adamwill commented & provided feedback 3 years ago
karma

This will cause all existing deployments to fail to start: https://bugzilla.redhat.com/show_bug.cgi?id=1562413

adamwill edited this update.

New build(s):

  • httpd-2.4.33-2.fc26

Removed build(s):

  • httpd-2.4.33-1.fc26

Karma has been reset.

3 years ago

This update has been submitted for testing by adamwill.

3 years ago
User Icon itamarjp commented & provided feedback 3 years ago
karma

thank you

This update has been pushed to testing.

3 years ago
User Icon danniel commented & provided feedback 3 years ago
karma

works

User Icon pwalter commented & provided feedback 3 years ago
karma

Works

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

3 years ago
User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me in a VM

This update has been obsoleted by httpd-2.4.33-4.fc26.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
4
Signed
Content Type
RPM
Test Gating
Builds
1
httpd-2.4.33-2.fc26
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
modified
3 years ago
BZ#1560174 httpd-2.4.33 is available
0
0
BZ#1560396 CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all]
0
0
BZ#1560400 CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all]
0
0
BZ#1560616 CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all]
0
0
BZ#1560618 CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all]
0
0
BZ#1560635 CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all]
0
0
BZ#1560644 CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]
0
0

Automated Test Results

Test Cases
0 0 Test Case HTTPd

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-5.7.0 on bodhi-web-118-sgc2f.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy