- Issued:
- 2011-01-13
- Updated:
- 2011-01-13
RHBA-2011:0130 - Bug Fix Advisory
Synopsis
httpd bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated httpd packages that resolve several issues are now available.
Description
The Apache HTTP Server is a popular web server.
These updated packages provide fixes for the following bugs:
- In a reverse proxy configuration, the Date field in the response headers sent
by an upstream server was replaced by a Date header using the local time at the
proxy server. This could result in inappropriate caching of the response in
browsers or downstream caches. The Date header is no longer replaced in a
reverse proxy configuration and caching is correct. (BZ#565865)
- Due to a bug in the filter initialization process, filters configured using
the "mod_filter" module were not handled correctly if a "sub-request" took
place. For example, using the "FilterChain" directive to configure the
"DEFLATE" compression filter with a Server-Side-Include page could result in
pages which were only partially compressed. With this update filters used with
mod_filter operate correctly. (BZ#570628)
- If using a WebDAV repository, uploading new content with the "PUT" HTTP method
could remove an existing resource if an error occurred during the upload. This
was caused by a bug in failure handling. With this update the content remains in
place. (BZ#572910)
- The output of the "mod_deflate" module could have contained corrupted or empty
HTTP responses when either response compression was enabled, or when acting as a
proxy, expansion of compressed responses from upstream servers. The compressed
responses are now fixed. (BZ#593715, BZ#612211)
- If the "mod_dbd" module was used, due to a memory lifetime issue in the
module, an error message from glibc concerning "double free or corruption" could
be raised when the httpd daemon was stopped, and the daemon would terminate
unexpectedly. This update fixes the memory lifetime issues. The error message no
longer appears and the server exits normally. (BZ#633955)
- When executing "service httpd stop", a 10-seconds timeout is used before
terminating the httpd parent process in case of error. If this timeout was
insufficient, resources did not allow the parent process to terminate cleanly
and could be leaked. The "STOP_TIMEOUT" environment variable has been introduced
which can be used in the "/etc/sysconfig/httpd" configuration file to change the
timeout. This can be used to allow a longer delay and fix resource leaks if the
httpd parent is slow to terminate. (BZ#644223)
- If arguments passed to the "ab" benchmarking program triggered a memory
allocation failure, ab could terminate with a Segmentation Fault error. The
memory allocation failure is now trapped earlier, and the program exits
gracefully with an error message. (BZ#645845)
All httpd users are advised to upgrade to these updated packages, which resolve
these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 572910 - "could not get next bucket brigade" while a client is doing a PUT results in data loss
- BZ - 593715 - mod_deflate does not flush output stream if handler performs flush.
- BZ - 612211 - mod_deflate/mod_proxy generating 'Inflate error -5 on flush' errors
- BZ - 644223 - Some semaphores are not cleaned during httpd shutdown
- BZ - 645845 - ab -n overflows
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
x86_64 | |
httpd-2.2.3-45.el5.x86_64.rpm | SHA-256: 4e70e37f000a34e3603e217f1c0ea4cb9769367c8cb2203fee177f5ceb0ec502 |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-devel-2.2.3-45.el5.x86_64.rpm | SHA-256: 39d51cd5faf0ff0ece367d9e4ffa728308b8250e82dbcafad39e77c55998d131 |
httpd-manual-2.2.3-45.el5.x86_64.rpm | SHA-256: b8d8824ba6c5bba3030946c80732df0d58fe9ee29a39baf9811eef91a4351323 |
mod_ssl-2.2.3-45.el5.x86_64.rpm | SHA-256: 72b464bb0d632b8b596e4000e4126eda94166bcecf9ab3a31b3494848bbd524a |
ia64 | |
httpd-2.2.3-45.el5.ia64.rpm | SHA-256: 4c2cade782ceab1ce976242fe340d9fd959b58d14d39e8f00710d376057e6665 |
httpd-devel-2.2.3-45.el5.ia64.rpm | SHA-256: ec00d70da5c6e9ebee774a4d7131e992dcf7caa9c9f3bcc2854a9c8a7910b3f8 |
httpd-manual-2.2.3-45.el5.ia64.rpm | SHA-256: 45eb7f43f8124e7b2a08ec82a19ac61572df966c90d183035e6a6d6516527b03 |
mod_ssl-2.2.3-45.el5.ia64.rpm | SHA-256: 460174bc22a61fd2b7ba4c859632414d93822a91951eadeb3c7ec1560ae8156f |
i386 | |
httpd-2.2.3-45.el5.i386.rpm | SHA-256: b65625da583d75f7e04497b3fea98b403eefa8473aac528519bcce5d86d6ba7c |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-manual-2.2.3-45.el5.i386.rpm | SHA-256: 3224b4a45c21fee3211a2b771a755dc5f1be92235c6d38aaa361a1199c0cd56d |
mod_ssl-2.2.3-45.el5.i386.rpm | SHA-256: 8af9b5e64b92bda218ce0915d0f207603f8cb4783d9174ae65da86ccf9fe0d00 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
x86_64 | |
httpd-2.2.3-45.el5.x86_64.rpm | SHA-256: 4e70e37f000a34e3603e217f1c0ea4cb9769367c8cb2203fee177f5ceb0ec502 |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-devel-2.2.3-45.el5.x86_64.rpm | SHA-256: 39d51cd5faf0ff0ece367d9e4ffa728308b8250e82dbcafad39e77c55998d131 |
httpd-manual-2.2.3-45.el5.x86_64.rpm | SHA-256: b8d8824ba6c5bba3030946c80732df0d58fe9ee29a39baf9811eef91a4351323 |
mod_ssl-2.2.3-45.el5.x86_64.rpm | SHA-256: 72b464bb0d632b8b596e4000e4126eda94166bcecf9ab3a31b3494848bbd524a |
i386 | |
httpd-2.2.3-45.el5.i386.rpm | SHA-256: b65625da583d75f7e04497b3fea98b403eefa8473aac528519bcce5d86d6ba7c |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-manual-2.2.3-45.el5.i386.rpm | SHA-256: 3224b4a45c21fee3211a2b771a755dc5f1be92235c6d38aaa361a1199c0cd56d |
mod_ssl-2.2.3-45.el5.i386.rpm | SHA-256: 8af9b5e64b92bda218ce0915d0f207603f8cb4783d9174ae65da86ccf9fe0d00 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
x86_64 | |
httpd-2.2.3-45.el5.x86_64.rpm | SHA-256: 4e70e37f000a34e3603e217f1c0ea4cb9769367c8cb2203fee177f5ceb0ec502 |
mod_ssl-2.2.3-45.el5.x86_64.rpm | SHA-256: 72b464bb0d632b8b596e4000e4126eda94166bcecf9ab3a31b3494848bbd524a |
i386 | |
httpd-2.2.3-45.el5.i386.rpm | SHA-256: b65625da583d75f7e04497b3fea98b403eefa8473aac528519bcce5d86d6ba7c |
mod_ssl-2.2.3-45.el5.i386.rpm | SHA-256: 8af9b5e64b92bda218ce0915d0f207603f8cb4783d9174ae65da86ccf9fe0d00 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
s390x | |
httpd-2.2.3-45.el5.s390x.rpm | SHA-256: 7a26f5696c70cbce80e1cf5ce5de523dc0376b7129e638110513b1cd385c6b09 |
httpd-devel-2.2.3-45.el5.s390.rpm | SHA-256: 3893bb2f2ae4fd1cfae5e30ef0ab3909195d4e82a805725899c69307467f8bf7 |
httpd-devel-2.2.3-45.el5.s390x.rpm | SHA-256: fc9023cc48eddef0b2a7d8c6c5dc12b2e17e3cbfbcac1c925a1895dca7d639f6 |
httpd-manual-2.2.3-45.el5.s390x.rpm | SHA-256: 39c755b9d76c9782965e6e8688069d477ae9270ecb2119b3d7c023b77331efca |
mod_ssl-2.2.3-45.el5.s390x.rpm | SHA-256: 457d0df165d6d32aa11c295a7de7440f43750a6b485ff1c5cd6b3a09e10bf54b |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
ppc | |
httpd-2.2.3-45.el5.ppc.rpm | SHA-256: 31672e8c4e9917ecdfa4bb050855a6e122cacd186c32c7b66688443b5288c647 |
httpd-devel-2.2.3-45.el5.ppc.rpm | SHA-256: 0265b8daaabcd227f6f0792908efcd74c36a4ff58162958e0a890070fa879c1e |
httpd-devel-2.2.3-45.el5.ppc64.rpm | SHA-256: 8f005485001101adb1ed198401bfba317976c0662806750e0bedd0e106420d68 |
httpd-manual-2.2.3-45.el5.ppc.rpm | SHA-256: 804016b0a977a11822d6ec95ae38cfb9b44b0e82e629f315179ae563d17c3912 |
mod_ssl-2.2.3-45.el5.ppc.rpm | SHA-256: c92b801557ce8c09ccdf960f75c1bf7b20efedcbd14e77069d781f3fa10687ac |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
httpd-2.2.3-45.el5.src.rpm | SHA-256: 151b87de41eb24a4b283b84eae7d4e4d866e644552ce54dfe400653ca2230610 |
x86_64 | |
httpd-2.2.3-45.el5.x86_64.rpm | SHA-256: 4e70e37f000a34e3603e217f1c0ea4cb9769367c8cb2203fee177f5ceb0ec502 |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-devel-2.2.3-45.el5.x86_64.rpm | SHA-256: 39d51cd5faf0ff0ece367d9e4ffa728308b8250e82dbcafad39e77c55998d131 |
httpd-manual-2.2.3-45.el5.x86_64.rpm | SHA-256: b8d8824ba6c5bba3030946c80732df0d58fe9ee29a39baf9811eef91a4351323 |
mod_ssl-2.2.3-45.el5.x86_64.rpm | SHA-256: 72b464bb0d632b8b596e4000e4126eda94166bcecf9ab3a31b3494848bbd524a |
i386 | |
httpd-2.2.3-45.el5.i386.rpm | SHA-256: b65625da583d75f7e04497b3fea98b403eefa8473aac528519bcce5d86d6ba7c |
httpd-devel-2.2.3-45.el5.i386.rpm | SHA-256: 0f854b643199570c34450d04a81630452ed1b0092289c355dd49b3eafb756286 |
httpd-manual-2.2.3-45.el5.i386.rpm | SHA-256: 3224b4a45c21fee3211a2b771a755dc5f1be92235c6d38aaa361a1199c0cd56d |
mod_ssl-2.2.3-45.el5.i386.rpm | SHA-256: 8af9b5e64b92bda218ce0915d0f207603f8cb4783d9174ae65da86ccf9fe0d00 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.