
Security Advisory: httpd security update

Advisory: RHSA-2005:608-7
Type: Security Advisory
Severity: Important
Issued on: 2005-09-06
Last updated on: 2005-09-06
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2700
                      CVE-2005-2728

Details

Updated Apache httpd packages that correct two security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient"
directive. This flaw occurs if a virtual host is configured
using "SSLVerifyClient optional" and a directive "SSLVerifyClient
required" is set for a specific location. For servers configured in this
fashion, an attacker may be able to access resources that should otherwise
be protected, by not supplying a client certificate when connecting. The
Common Vulnerabilities and Exposures project assigned the name
CAN-2005-2700 to this issue.
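
An added example (not part of Red Hat's advisory): a Python audit that flags the configuration pattern described above, a virtual host set to SSLVerifyClient optional with a nested per-location section that raises it to require (mod_ssl's spelling of that value). The function name and the sample configuration are constructed for illustration; Include files and .htaccess overrides are not followed.

```python
import re

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*?)\s*>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
VERIFY = re.compile(r"SSLVerifyClient\s+(\S+)", re.IGNORECASE)
PER_DIR = {"location", "locationmatch", "directory", "directorymatch", "files", "filesmatch"}

def find_affected(conf_text):
    """Return (vhost, section) pairs: vhost-level 'optional' plus a nested 'require'."""
    findings, stack, vhost = [], [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            kind, _ = stack.pop() if stack else ("", "")
            if kind == "virtualhost" and vhost:
                # Decide at the end of the vhost so directive order does not matter.
                if vhost["level"] == "optional":
                    findings += [(vhost["name"], s) for s in vhost["strict"]]
                vhost = None
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2)))
            if stack[-1][0] == "virtualhost":
                vhost = {"name": m.group(2), "level": None, "strict": []}
            continue
        m = VERIFY.match(line)
        if m and vhost is not None:
            value = m.group(1).lower()
            # Wrappers such as <IfModule> are ignored when deciding the context.
            inner = [s for s in stack if s[0] in PER_DIR]
            if inner and value in ("require", "required"):
                vhost["strict"].append("%s %s" % inner[-1])
            elif not inner:
                vhost["level"] = value
    return findings

# Constructed sample: the first vhost matches the pattern, the second does not.
SAMPLE = """<VirtualHost *:443>
SSLVerifyClient optional
<Location /secure>
SSLVerifyClient require
</Location>
</VirtualHost>
<VirtualHost *:8443>
SSLVerifyClient require
</VirtualHost>
"""
```

Hosts that match should be prioritised for the errata packages, since they rely on the per-location renegotiation that this flaw bypasses.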

A flaw was discovered in Apache httpd where the byterange filter would
buffer certain responses into memory. If a server has a dynamic
resource such as a CGI script or PHP script that generates a large amount
of data, an attacker could send carefully crafted requests in order to
consume resources, potentially leading to a Denial of Service. (CAN-2005-2728)

Users of Apache httpd should update to these errata packages that contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
httpd-2.0.46-46.3.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 484b418c080a8fc60b3add4dfcf1900f
 
IA-32:
httpd-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 319460633151ee1517c8148931ca72de
httpd-devel-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 6cc3044405158920afedbd288430544c
mod_ssl-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: ee51eb393a77fcbc28640ab9c7c0376c
 
x86_64:
httpd-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: d1bd5698951993680a3f4d78b332117e
httpd-devel-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 9d57852140e597b4719cda1d8aee4101
mod_ssl-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fc4beccd061aa1de3286a4548d820bcc
 
Red Hat Desktop (v. 4)

SRPMS:
httpd-2.0.52-12.2.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: de6c9583b0be4f8a91d58f9d96082d3c
 
IA-32:
httpd-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b535c428cc468bb8c94e88cb47b48a0
httpd-devel-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 62933dc89da98cf4e2cdb885cb195d29
httpd-manual-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 573ee8e079b51dd2d6a474c7513ede63
httpd-suexec-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: ee7ce0885eb313d0f359c89b0d22b637
mod_ssl-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: df4a617088e7c3d22cdb88d149f81209
 
x86_64:
httpd-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 34ec39c05630e576fad8859e8f233ba7
httpd-devel-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 614164cb0770a14d30eacc211fed4242
httpd-manual-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b59b10e2c8e41ed23041e3d433a67c7
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2ce9c581b49e48da9db9b95e61f18ea9
mod_ssl-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 048f5c406bac99d9026eca82573c59f1
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
httpd-2.0.46-46.3.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 484b418c080a8fc60b3add4dfcf1900f
 
IA-32:
httpd-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 319460633151ee1517c8148931ca72de
httpd-devel-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 6cc3044405158920afedbd288430544c
mod_ssl-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: ee51eb393a77fcbc28640ab9c7c0376c
 
IA-64:
httpd-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5f9c92619f6a7e60409aeef7b92f5056
httpd-devel-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: cba1acc27a9904ea4988159c81e96a97
mod_ssl-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 15b4dba781df66f9cbcfc0230b96d261
 
PPC:
httpd-2.0.46-46.3.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2ae362a59d4c95ef58879a9f74ec6c30
httpd-devel-2.0.46-46.3.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2b61fbe228b61e5d113abd012e9bf619
mod_ssl-2.0.46-46.3.ent.ppc.rpm
File outdated by:  RHSA-2009:1579
    MD5: 6f653931571bfaebb519aecdbb7150c8
 
s390:
httpd-2.0.46-46.3.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: c59a7c3908fa71b8b7ba36d07cd0d0d4
httpd-devel-2.0.46-46.3.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2d3f8bf4a5745ba5b87d188f18d04a75
mod_ssl-2.0.46-46.3.ent.s390.rpm
File outdated by:  RHSA-2009:1579
    MD5: e1bc611d1e4eaecffbc58ff669d16b39
 
s390x:
httpd-2.0.46-46.3.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: ba883d990a3fc34d2c6d20b6329372c1
httpd-devel-2.0.46-46.3.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: 57c48448f06e2444d285440a6e43631c
mod_ssl-2.0.46-46.3.ent.s390x.rpm
File outdated by:  RHSA-2009:1579
    MD5: 2f44730013c2c1aef58d4c81e9ae613b
 
x86_64:
httpd-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: d1bd5698951993680a3f4d78b332117e
httpd-devel-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 9d57852140e597b4719cda1d8aee4101
mod_ssl-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fc4beccd061aa1de3286a4548d820bcc
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
httpd-2.0.52-12.2.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: de6c9583b0be4f8a91d58f9d96082d3c
 
IA-32:
httpd-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b535c428cc468bb8c94e88cb47b48a0
httpd-devel-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 62933dc89da98cf4e2cdb885cb195d29
httpd-manual-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 573ee8e079b51dd2d6a474c7513ede63
httpd-suexec-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: ee7ce0885eb313d0f359c89b0d22b637
mod_ssl-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: df4a617088e7c3d22cdb88d149f81209
 
IA-64:
httpd-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2c03808a9cf8081f395259ae21730af0
httpd-devel-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 99fcf9f0c7ea2b8a4248cd3a0d25da89
httpd-manual-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 856092d56cc712997901f534a76f568c
httpd-suexec-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 92ac8b5beb4e12b1ead63f7027d07cfb
mod_ssl-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: a44cc800809c368c7455c1af306b8e7d
 
PPC:
httpd-2.0.52-12.2.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7f49f8989dd2261c2d137af07e14ff54
httpd-devel-2.0.52-12.2.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: a6e1f360410c36f2cc641e321395fd16
httpd-manual-2.0.52-12.2.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 69ce88336483a278bcad15ea6eaca096
httpd-suexec-2.0.52-12.2.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: f396126f7386857c22eeeef20d947652
mod_ssl-2.0.52-12.2.ent.ppc.rpm
File outdated by:  RHSA-2011:1392
    MD5: 99b6d20eed066a3b565756ad83888d22
 
s390:
httpd-2.0.52-12.2.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 0cbd52d64a91644717a1df0e15ccc39a
httpd-devel-2.0.52-12.2.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: ca79cb435376a78d9f6b33c83473defe
httpd-manual-2.0.52-12.2.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 3e8a5481d36c837350b17ee20c4fd429
httpd-suexec-2.0.52-12.2.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2899ee38bcd82766e731b57d3330ce9a
mod_ssl-2.0.52-12.2.ent.s390.rpm
File outdated by:  RHSA-2011:1392
    MD5: 7b5f79e871aefd2482c18cff9904c7c4
 
s390x:
httpd-2.0.52-12.2.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: ca68a1ae7ab25f761c901f28cd522f74
httpd-devel-2.0.52-12.2.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: 09c838209a62cba64e5b28688e313026
httpd-manual-2.0.52-12.2.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: caf032aaba9e03987ba1413743c47088
httpd-suexec-2.0.52-12.2.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: 0eeea0d60e789902f10252c39b13140a
mod_ssl-2.0.52-12.2.ent.s390x.rpm
File outdated by:  RHSA-2011:1392
    MD5: cedd7dadf3408b281a9d4d7d45e31b16
 
x86_64:
httpd-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 34ec39c05630e576fad8859e8f233ba7
httpd-devel-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 614164cb0770a14d30eacc211fed4242
httpd-manual-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b59b10e2c8e41ed23041e3d433a67c7
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2ce9c581b49e48da9db9b95e61f18ea9
mod_ssl-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 048f5c406bac99d9026eca82573c59f1
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
httpd-2.0.46-46.3.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 484b418c080a8fc60b3add4dfcf1900f
 
IA-32:
httpd-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 319460633151ee1517c8148931ca72de
httpd-devel-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 6cc3044405158920afedbd288430544c
mod_ssl-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: ee51eb393a77fcbc28640ab9c7c0376c
 
IA-64:
httpd-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5f9c92619f6a7e60409aeef7b92f5056
httpd-devel-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: cba1acc27a9904ea4988159c81e96a97
mod_ssl-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 15b4dba781df66f9cbcfc0230b96d261
 
x86_64:
httpd-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: d1bd5698951993680a3f4d78b332117e
httpd-devel-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 9d57852140e597b4719cda1d8aee4101
mod_ssl-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fc4beccd061aa1de3286a4548d820bcc
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
httpd-2.0.52-12.2.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: de6c9583b0be4f8a91d58f9d96082d3c
 
IA-32:
httpd-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b535c428cc468bb8c94e88cb47b48a0
httpd-devel-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 62933dc89da98cf4e2cdb885cb195d29
httpd-manual-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 573ee8e079b51dd2d6a474c7513ede63
httpd-suexec-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: ee7ce0885eb313d0f359c89b0d22b637
mod_ssl-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: df4a617088e7c3d22cdb88d149f81209
 
IA-64:
httpd-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2c03808a9cf8081f395259ae21730af0
httpd-devel-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 99fcf9f0c7ea2b8a4248cd3a0d25da89
httpd-manual-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 856092d56cc712997901f534a76f568c
httpd-suexec-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 92ac8b5beb4e12b1ead63f7027d07cfb
mod_ssl-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: a44cc800809c368c7455c1af306b8e7d
 
x86_64:
httpd-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 34ec39c05630e576fad8859e8f233ba7
httpd-devel-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 614164cb0770a14d30eacc211fed4242
httpd-manual-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b59b10e2c8e41ed23041e3d433a67c7
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2ce9c581b49e48da9db9b95e61f18ea9
mod_ssl-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 048f5c406bac99d9026eca82573c59f1
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
httpd-2.0.46-46.3.ent.src.rpm
File outdated by:  RHSA-2009:1579
    MD5: 484b418c080a8fc60b3add4dfcf1900f
 
IA-32:
httpd-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 319460633151ee1517c8148931ca72de
httpd-devel-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: 6cc3044405158920afedbd288430544c
mod_ssl-2.0.46-46.3.ent.i386.rpm
File outdated by:  RHSA-2009:1579
    MD5: ee51eb393a77fcbc28640ab9c7c0376c
 
IA-64:
httpd-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 5f9c92619f6a7e60409aeef7b92f5056
httpd-devel-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: cba1acc27a9904ea4988159c81e96a97
mod_ssl-2.0.46-46.3.ent.ia64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 15b4dba781df66f9cbcfc0230b96d261
 
x86_64:
httpd-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: d1bd5698951993680a3f4d78b332117e
httpd-devel-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: 9d57852140e597b4719cda1d8aee4101
mod_ssl-2.0.46-46.3.ent.x86_64.rpm
File outdated by:  RHSA-2009:1579
    MD5: fc4beccd061aa1de3286a4548d820bcc
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
httpd-2.0.52-12.2.ent.src.rpm
File outdated by:  RHSA-2011:1392
    MD5: de6c9583b0be4f8a91d58f9d96082d3c
 
IA-32:
httpd-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b535c428cc468bb8c94e88cb47b48a0
httpd-devel-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 62933dc89da98cf4e2cdb885cb195d29
httpd-manual-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: 573ee8e079b51dd2d6a474c7513ede63
httpd-suexec-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: ee7ce0885eb313d0f359c89b0d22b637
mod_ssl-2.0.52-12.2.ent.i386.rpm
File outdated by:  RHSA-2011:1392
    MD5: df4a617088e7c3d22cdb88d149f81209
 
IA-64:
httpd-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2c03808a9cf8081f395259ae21730af0
httpd-devel-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 99fcf9f0c7ea2b8a4248cd3a0d25da89
httpd-manual-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 856092d56cc712997901f534a76f568c
httpd-suexec-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 92ac8b5beb4e12b1ead63f7027d07cfb
mod_ssl-2.0.52-12.2.ent.ia64.rpm
File outdated by:  RHSA-2011:1392
    MD5: a44cc800809c368c7455c1af306b8e7d
 
x86_64:
httpd-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 34ec39c05630e576fad8859e8f233ba7
httpd-devel-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 614164cb0770a14d30eacc211fed4242
httpd-manual-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2b59b10e2c8e41ed23041e3d433a67c7
httpd-suexec-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 2ce9c581b49e48da9db9b95e61f18ea9
mod_ssl-2.0.52-12.2.ent.x86_64.rpm
File outdated by:  RHSA-2011:1392
    MD5: 048f5c406bac99d9026eca82573c59f1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

167102 - CAN-2005-2728 byterange memory DoS
167194 - CAN-2005-2700 SSLVerifyClient flaw


Keywords

apache, asf


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/