- Issued:
- 2009-01-20
- Updated:
- 2009-01-20
RHBA-2009:0185 - Bug Fix Advisory
Synopsis
httpd bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated httpd packages that fix several bugs and add various enhancements
are now available.
Description
The Apache HTTP Server is a popular and freely-available Web server.
These updated httpd packages fix the following bugs:
- the mod_ldap module could cause unusually-high CPU usage after servicing
several requests when LDAP authentication was enabled. This has been fixed
in these updated packages so that high CPU usage no longer occurs in these
situations, thus resolving the issue.
- The mod_cache module now correctly processes requests with escaped URLs.
The mod_proxy and mod_cache modules have been upgrade to the newer upstream
version 2.2.9 of httpd. With this upgrade, the ProxyPassMatch directive,
load-balancing and content-caching are all now supported. In addition,
these updated packages also provide the following enhancements.
- The experimental event Multi-Processing Model (MPM) is now included in
/usr/sbin/httpd.event. MPM offers improved performance by using dedicated
threads to handle keepalive connections.
- mod_proxy_balancer can now match stickysession using alternative
parameter values.
- mod_ssl now supports dynamic OpenSSL locking callbacks. This feature is
required by some hardware cryptographic devices.
- During graceful restarts, httpd now uses the "OPTIONS *" request instead
of "GET /" to reduce server load.
- The mod_headers module now supports the "RequestHeader edit" directive.
Users of the Apache HTTP Server are advised to upgrade to these updated
packages, which resolves these issues and provides these enhancements.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 367981 - reduce load during graceful restart
- BZ - 439218 - mod_proxy_balancer: configured session identifier is case-sensitive
- BZ - 439842 - mod_cache does not serve (CACHE_OUT) URLs which are url-escaped
- BZ - 440259 - mod_ldap high cpu usage after servicing a number of requests
- BZ - 440615 - there should be %{?dist} instead of %{dist} in the *.spec on the Release: line
- BZ - 454098 - Apache httpd does not proxy properly backend response with Transfer-Encoding: chunked
- BZ - 462044 - mod_ssl: add dynamic locking upcalls
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
x86_64 | |
httpd-2.2.3-22.el5.x86_64.rpm | SHA-256: 2b03f320952cbd023b275518fb40551afdd7caefb7d3a68d6b230eaa67fda171 |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-devel-2.2.3-22.el5.x86_64.rpm | SHA-256: a4030d45c9e7e85ec81d19cd1d8937077cff7cd1c1128b4322837b7baee060c6 |
httpd-manual-2.2.3-22.el5.x86_64.rpm | SHA-256: 57c0dcda28582f8509d4bdb830ec56921e7f56ecd9d116fa443161534169fbc1 |
mod_ssl-2.2.3-22.el5.x86_64.rpm | SHA-256: 3c9bda1f4e176f128622d49611256f08f040f07fbf55c4aecc519579e8c7837d |
ia64 | |
httpd-2.2.3-22.el5.ia64.rpm | SHA-256: 69f0c95b58e850eb86b0ee7e0b3ad6565c31885aa050500d0dd9d97bc14814fe |
httpd-devel-2.2.3-22.el5.ia64.rpm | SHA-256: c4d172c987768553edc77d95f30711575d63cb468f8be393210809dcc702fe34 |
httpd-manual-2.2.3-22.el5.ia64.rpm | SHA-256: 42d8da5e64ec8a082c089b16525c24cb9fd7d041b26ebf830ed1e9d24adb7670 |
mod_ssl-2.2.3-22.el5.ia64.rpm | SHA-256: 823bc0391be27b3c8d9852eaa78af61b190077dc817855ca943db9e38e271816 |
i386 | |
httpd-2.2.3-22.el5.i386.rpm | SHA-256: bfdf3e752b759f7735c5f25482288da237197df4c63a6502482a078c1aad521a |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-manual-2.2.3-22.el5.i386.rpm | SHA-256: 8ad2250575109247e890d1ff87ed93f99cf5d617c3582851ee96a7d21ff999bf |
mod_ssl-2.2.3-22.el5.i386.rpm | SHA-256: 76c41d49d14b4b635e61019a49809214c389aaa2ebc7a91a37aae131f329e9c0 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
x86_64 | |
httpd-2.2.3-22.el5.x86_64.rpm | SHA-256: 2b03f320952cbd023b275518fb40551afdd7caefb7d3a68d6b230eaa67fda171 |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-devel-2.2.3-22.el5.x86_64.rpm | SHA-256: a4030d45c9e7e85ec81d19cd1d8937077cff7cd1c1128b4322837b7baee060c6 |
httpd-manual-2.2.3-22.el5.x86_64.rpm | SHA-256: 57c0dcda28582f8509d4bdb830ec56921e7f56ecd9d116fa443161534169fbc1 |
mod_ssl-2.2.3-22.el5.x86_64.rpm | SHA-256: 3c9bda1f4e176f128622d49611256f08f040f07fbf55c4aecc519579e8c7837d |
i386 | |
httpd-2.2.3-22.el5.i386.rpm | SHA-256: bfdf3e752b759f7735c5f25482288da237197df4c63a6502482a078c1aad521a |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-manual-2.2.3-22.el5.i386.rpm | SHA-256: 8ad2250575109247e890d1ff87ed93f99cf5d617c3582851ee96a7d21ff999bf |
mod_ssl-2.2.3-22.el5.i386.rpm | SHA-256: 76c41d49d14b4b635e61019a49809214c389aaa2ebc7a91a37aae131f329e9c0 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
x86_64 | |
httpd-2.2.3-22.el5.x86_64.rpm | SHA-256: 2b03f320952cbd023b275518fb40551afdd7caefb7d3a68d6b230eaa67fda171 |
mod_ssl-2.2.3-22.el5.x86_64.rpm | SHA-256: 3c9bda1f4e176f128622d49611256f08f040f07fbf55c4aecc519579e8c7837d |
i386 | |
httpd-2.2.3-22.el5.i386.rpm | SHA-256: bfdf3e752b759f7735c5f25482288da237197df4c63a6502482a078c1aad521a |
mod_ssl-2.2.3-22.el5.i386.rpm | SHA-256: 76c41d49d14b4b635e61019a49809214c389aaa2ebc7a91a37aae131f329e9c0 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
s390x | |
httpd-2.2.3-22.el5.s390x.rpm | SHA-256: fbedcdf8c6a77093a7dab174cf54ba3665b3484d23a332e39d2d06aa67fff912 |
httpd-devel-2.2.3-22.el5.s390.rpm | SHA-256: 0075ae75a33683328830bc898ee6231fed4949d09774edf832f6f814c1bd8496 |
httpd-devel-2.2.3-22.el5.s390x.rpm | SHA-256: 100d5e8ed6dbf084162a6336a9d5aed5c8fd6f56e74689c6c147a2ffe2e37e8f |
httpd-manual-2.2.3-22.el5.s390x.rpm | SHA-256: 33d44d4ec9f3b676c4f85cff8bd4340e3414b31c001738b10170f760cc3a396a |
mod_ssl-2.2.3-22.el5.s390x.rpm | SHA-256: 6e92aca0c7e2d8c7cc431e5cde531f968a8cd51cb5cad3357880fc53753bf2fd |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
ppc | |
httpd-2.2.3-22.el5.ppc.rpm | SHA-256: 6a31e13b186cc140bc4c2b76fec29c134a8068945cb3ecbfa5a98a8989fa9d2d |
httpd-devel-2.2.3-22.el5.ppc.rpm | SHA-256: f42cfce5b5d70e5509ca0c977ee6149021450e4ec9b5b2773c16c62697341a59 |
httpd-devel-2.2.3-22.el5.ppc64.rpm | SHA-256: 330e10802d1febad89c465fb715c30dc83ee94713b95358dd4172229cabd936f |
httpd-manual-2.2.3-22.el5.ppc.rpm | SHA-256: eb133e4a227a5441095f79397a643c8b699864b415e9c84acfa3817272a3c70b |
mod_ssl-2.2.3-22.el5.ppc.rpm | SHA-256: 2a57c11b370c2d7a10ec9eb137edac68feba3d86fb60eefcb16d7405b24f1517 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
httpd-2.2.3-22.el5.src.rpm | SHA-256: 3b7a81911d4847029fe2546d13756556e63d570db1382f0a55edeacb36899b1f |
x86_64 | |
httpd-2.2.3-22.el5.x86_64.rpm | SHA-256: 2b03f320952cbd023b275518fb40551afdd7caefb7d3a68d6b230eaa67fda171 |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-devel-2.2.3-22.el5.x86_64.rpm | SHA-256: a4030d45c9e7e85ec81d19cd1d8937077cff7cd1c1128b4322837b7baee060c6 |
httpd-manual-2.2.3-22.el5.x86_64.rpm | SHA-256: 57c0dcda28582f8509d4bdb830ec56921e7f56ecd9d116fa443161534169fbc1 |
mod_ssl-2.2.3-22.el5.x86_64.rpm | SHA-256: 3c9bda1f4e176f128622d49611256f08f040f07fbf55c4aecc519579e8c7837d |
i386 | |
httpd-2.2.3-22.el5.i386.rpm | SHA-256: bfdf3e752b759f7735c5f25482288da237197df4c63a6502482a078c1aad521a |
httpd-devel-2.2.3-22.el5.i386.rpm | SHA-256: 1c87245b5b55d33bb9e7127cfd6ab8aff18f5928a4d641907cd005e7d60b92f9 |
httpd-manual-2.2.3-22.el5.i386.rpm | SHA-256: 8ad2250575109247e890d1ff87ed93f99cf5d617c3582851ee96a7d21ff999bf |
mod_ssl-2.2.3-22.el5.i386.rpm | SHA-256: 76c41d49d14b4b635e61019a49809214c389aaa2ebc7a91a37aae131f329e9c0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.