FEDORA-2019-119b14075a created by luhliarik 7 months ago for Fedora 29
stable

This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39

The following security vulnerabilities are addressed:

  • CVE-2019-0211 - MPMs unix: Fix a local privilege escalation vulnerability by not maintaining each child's listener bucket number in the scoreboard, preventing unprivileged code like scripts run by/on the server (e.g. via mod_php) from modifying it persistently to abuse the privileged main process.

  • CVE-2019-0215 - mod_ssl: Fix access control bypass for per-location/per-dir client certificate verification in TLSv1.3.

  • CVE-2019-0217 - mod_auth_digest: Fix a race condition checking user credentials which could allow a user with valid credentials to impersonate another, under a threaded MPM.

  • CVE-2019-0220 - Merge consecutive slashes in URLs. Opt out with MergeSlashes OFF.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-119b14075a
This update has been submitted for testing by luhliarik. 7 months ago
This update has been pushed to testing. 7 months ago
rspliet provided feedback 7 months ago
karma
BZ#1694510 httpd-2.4.39 is available
bojan commented & provided feedback 7 months ago
karma

Works here.

jorton edited this update. 7 months ago
jorton edited this update. 7 months ago
jorton edited this update. 7 months ago
jorton provided feedback 7 months ago
karma
BZ#1694510 httpd-2.4.39 is available
This update has been submitted for batched by bodhi. 7 months ago
This update has been submitted for stable by bodhi. 7 months ago
This update has been pushed to stable. 7 months ago

Metadata
Type: security
Severity: high
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Dates
submitted: 7 months ago
in testing: 7 months ago
in stable: 7 months ago
modified: 7 months ago
BZ#1694510 httpd-2.4.39 is available
0
2
BZ#1694986 CVE-2019-0211 httpd: privilege escalation from modules scripts [fedora-all]
0
0
BZ#1695046 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case HTTPd