FEDORA-2018-375e3244b6

security update in Fedora 27 for httpd

Status: stable 2 years ago

This update includes the latest upstream release of the Apache HTTP Server, version 2.4.33. A number of security vulnerabilities are fixed in this release:

  • Low: Possible out of bound read in mod_cache_socache (CVE-2018-1303)
  • Low: Possible out of bound access after failure in reading the HTTP request (CVE-2018-1301)
  • Low: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
  • Low: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
  • Low: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
  • Moderate: Tampering of mod_session data for CGI applications (CVE-2018-1283)

For more information about changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.33

How to install

sudo dnf upgrade --advisory=FEDORA-2018-375e3244b6

Comments 24

This update has been submitted for testing by jorton.

jorton edited this update.

This update has been pushed to testing.

This will cause all existing deployments to fail to start: https://bugzilla.redhat.com/show_bug.cgi?id=1562413

karma: -1

Yeah, just bumped into what Adam said.

karma: -1

adamwill edited this update.

New build(s):

  • httpd-2.4.33-2.fc27

Removed build(s):

  • httpd-2.4.33-1.fc27

Karma has been reset.

This update has been submitted for testing by adamwill.

@bojan can you check -2? thanks.

Yep, -2 works. Thanks!

karma: +1

thank you

karma: +1

This update has been pushed to testing.

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

Ok works for me

karma: +1

works

karma: +1

no regressions noted

karma: +1

works for me

karma: +1

Works

karma: +1

This update has been submitted for batched by pwalter.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +9 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates: submitted 2 years ago, in testing 2 years ago, in stable 2 years ago, modified 2 years ago

Related Bugs 7

  • #1560174 httpd-2.4.33 is available
  • #1560396 CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications [fedora-all]
  • #1560400 CVE-2018-1303 httpd: http: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service [fedora-all]
  • #1560616 CVE-2017-15710 httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values [fedora-all]
  • #1560618 CVE-2017-15715 httpd: <FilesMatch> bypass with a trailing newline in the file name [fedora-all]
  • #1560635 CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest [fedora-all]
  • #1560644 CVE-2018-1301 httpd: Out of bound access after failure in reading the HTTP request [fedora-all]

Test Cases

  • Test Case HTTPd