This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39
The following security vulnerabilities are addressed:
CVE-2019-0211
-
MPMs unix: Fix a local priviledge escalation vulnerability by not
maintaining each child's listener bucket number in the scoreboard,
preventing unprivileged code like scripts run by/on the server (e.g. via
mod_php) from modifying it persistently to abuse the priviledged main
process.
CVE-2019-0215
-
mod_ssl: Fix access control bypass for per-location/per-dir client
certificate verification in TLSv1.3.
CVE-2019-0217
-
mod_auth_digest: Fix a race condition checking user credentials which
could allow a user with valid credentials to impersonate another,
under a threaded MPM.
CVE-2019-0220
-
Merge consecutive slashes in URL's. Opt-out with
MergeSlashes OFF
.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-a4ed7400f4
Please login to add feedback.
0 | 0 | Test Case HTTPd |
This update has been submitted for testing by luhliarik.
This update has been pushed to testing.
jorton edited this update.
jorton edited this update.
jorton edited this update.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
jorton edited this update.
Works
jorton edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by jorton.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by jorton.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.