stable

httpd-2.4.39-1.1.fc28

FEDORA-2019-a4ed7400f4 created by luhliarik 5 years ago for Fedora 28

This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39

The following security vulnerabilities are addressed:

  • CVE-2019-0211 - MPMs unix: Fix a local priviledge escalation vulnerability by not maintaining each child's listener bucket number in the scoreboard, preventing unprivileged code like scripts run by/on the server (e.g. via mod_php) from modifying it persistently to abuse the priviledged main process.

  • CVE-2019-0215 - mod_ssl: Fix access control bypass for per-location/per-dir client certificate verification in TLSv1.3.

  • CVE-2019-0217 - mod_auth_digest: Fix a race condition checking user credentials which could allow a user with valid credentials to impersonate another, under a threaded MPM.

  • CVE-2019-0220- Merge consecutive slashes in URL's. Opt-out with MergeSlashes OFF.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-a4ed7400f4

This update has been submitted for testing by luhliarik.

5 years ago

This update has been pushed to testing.

5 years ago

jorton edited this update.

5 years ago

jorton edited this update.

5 years ago

jorton edited this update.

5 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

jorton edited this update.

5 years ago
User Icon pwalter commented & provided feedback 5 years ago
karma

Works

jorton edited this update.

New build(s):

  • httpd-2.4.39-1.1.fc28

Removed build(s):

  • httpd-2.4.39-1.fc28

Karma has been reset.

5 years ago

This update has been submitted for testing by jorton.

5 years ago

This update has been pushed to testing.

5 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago

This update has been submitted for batched by jorton.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1694510 httpd-2.4.39 is available
0
0
BZ#1694986 CVE-2019-0211 httpd: privilege escalation from modules scripts [fedora-all]
0
0
BZ#1695046 CVE-2019-0215 CVE-2019-0217 CVE-2019-0220 httpd: various flaws [fedora-all]
0
0
BZ#1698719 fix a regression introduced in r1740928
0
0

Automated Test Results

Test Cases

0 0 Test Case HTTPd