Oval Definition: oval:com.redhat.rhsa:def:20080967
Revision Date: 2008-11-11
Version: 637
Title: RHSA-2008:0967: httpd security and bug fix update (Moderate)
Description: The Apache HTTP Server is a popular Web server.

  • A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)

  • A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939)

    In addition, these updated packages fix a bug found in the handling of the "ProxyRemoteMatch" directive in the Red Hat Enterprise Linux 4 httpd packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red Hat Enterprise Linux 5 packages.

    Users of httpd should upgrade to these updated packages, which contain backported patches to correct these issues.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2008-2364, CVE-2008-2939, RHSA-2008:0967, RHSA-2008:0967-01
    Platform(s): Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • httpd-devel is earlier than 0:2.0.46-71.ent
  • AND httpd-devel is signed with Red Hat master key
  • httpd is earlier than 0:2.0.46-71.ent
  • AND httpd is signed with Red Hat master key
  • mod_ssl is earlier than 1:2.0.46-71.ent
  • AND mod_ssl is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • mod_ssl is earlier than 1:2.0.52-41.ent.2
  • AND mod_ssl is signed with Red Hat master key
  • httpd is earlier than 0:2.0.52-41.ent.2
  • AND httpd is signed with Red Hat master key
  • httpd-manual is earlier than 0:2.0.52-41.ent.2
  • AND httpd-manual is signed with Red Hat master key
  • httpd-devel is earlier than 0:2.0.52-41.ent.2
  • AND httpd-devel is signed with Red Hat master key
  • httpd-suexec is earlier than 0:2.0.52-41.ent.2
  • AND httpd-suexec is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • httpd is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd is signed with Red Hat redhatrelease key
  • mod_ssl is earlier than 1:2.2.3-11.el5_2.4
  • AND mod_ssl is signed with Red Hat redhatrelease key
  • httpd-devel is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-devel is signed with Red Hat redhatrelease key
  • httpd-manual is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-manual is signed with Red Hat redhatrelease key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • httpd is earlier than 0:2.0.52-41.ent.2
  • AND httpd is signed with Red Hat redhatrelease2 key
  • httpd-devel is earlier than 0:2.0.52-41.ent.2
  • AND httpd-devel is signed with Red Hat redhatrelease2 key
  • httpd-manual is earlier than 0:2.0.52-41.ent.2
  • AND httpd-manual is signed with Red Hat redhatrelease2 key
  • httpd-suexec is earlier than 0:2.0.52-41.ent.2
  • AND httpd-suexec is signed with Red Hat redhatrelease2 key
  • mod_ssl is earlier than 1:2.0.52-41.ent.2
  • AND mod_ssl is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • httpd is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd is signed with Red Hat redhatrelease2 key
  • httpd-devel is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-devel is signed with Red Hat redhatrelease2 key
  • httpd-manual is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-manual is signed with Red Hat redhatrelease2 key
  • mod_ssl is earlier than 1:2.2.3-11.el5_2.4
  • AND mod_ssl is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • httpd is earlier than 0:2.0.46-71.ent
  • AND httpd is signed with Red Hat master key
  • httpd-devel is earlier than 0:2.0.46-71.ent
  • AND httpd-devel is signed with Red Hat master key
  • mod_ssl is earlier than 0:2.0.46-71.ent
  • AND mod_ssl is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • httpd is earlier than 0:2.0.52-41.ent.2
  • AND httpd is signed with Red Hat master key
  • httpd-devel is earlier than 0:2.0.52-41.ent.2
  • AND httpd-devel is signed with Red Hat master key
  • httpd-manual is earlier than 0:2.0.52-41.ent.2
  • AND httpd-manual is signed with Red Hat master key
  • httpd-suexec is earlier than 0:2.0.52-41.ent.2
  • AND httpd-suexec is signed with Red Hat master key
  • mod_ssl is earlier than 0:2.0.52-41.ent.2
  • AND mod_ssl is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • httpd is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd is signed with Red Hat redhatrelease key
  • httpd-devel is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-devel is signed with Red Hat redhatrelease key
  • httpd-manual is earlier than 0:2.2.3-11.el5_2.4
  • AND httpd-manual is signed with Red Hat redhatrelease key
  • mod_ssl is earlier than 0:2.2.3-11.el5_2.4
  • AND mod_ssl is signed with Red Hat redhatrelease key