This update includes the latest upstream release, httpd 2.4.34, with multiple bug fixes and enhancements. See http://www.apache.org/dist/httpd/CHANGES_2.4.34 for more information on the changes in this version.
A security vulnerability is addressed in this update:
mod_md: DoS via Coredumps on specially crafted requests (CVE-2018-8011)The following changes are also included in this update:
httpd.service no longer blocks waiting for the restart to complete.mod_ssl now supports loading private keys (and associated certificates) from a PKCS#11 provider. Use a pkcs11: URI in the SSLCertificateKeyFile (and optionally SSLCertificateFile) directive(s).server-status.conf is packaged in the docdir httpd now Obsoletes mod_proxy_uwsgi (#1599113)mod_systemd now logs listening ports at startupUpdates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2018-49d3b42425Please log in to add feedback.
| 0 | 0 | Test Case HTTPd |
This update has been submitted for testing by jorton.
jorton edited this update.
jorton edited this update.
hello jorton, according to apache httpd changelog https://www.apache.org/dist/httpd/CHANGES_2.4.34 there is also CVE-2018-1333 fixed within this release. can you confirm this?
regards, muench
CVE-2018-1333 is a mod_md issue and in Fedora we ship mod_md separately from github releases.
CVE-2018-1333 is fixed by http://svn.apache.org/viewvc?view=revision&revision=1828879 (confirmed with security@httpd.apache.org)
This change is mirrored to github here: https://github.com/icing/mod_h2/commit/83a2e3866918ce6567a683eb4c660688d047ee81
That github commit is present in tag for mod_md 1.10.18. We already updated to 1.10.18 in Fedora, so Fedora users have the fix already. FEDORA-2018-54fed84dcd
Thank you jorton,
Sorry! Yes I mean mod_http2/mod_h2.
This update has been pushed to testing.
Works here.
works for me
Works
NOTE: DO NOT PUSH THIS TO STABLE.
There is a regression upstream which I will integrate the fix for, plus the Obsoletes for mod_proxy_uwsgi needs to be updated.
jorton edited this update.
jorton edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by jorton.
jorton edited this update.
This update has been pushed to testing.
Works for me.
jorton edited this update.
Works great! LGTM! =)
The obsoletes for #1599113 look good to me.
This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
This update has been submitted for batched by jorton.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.