Oval Definition: oval:com.redhat.rhsa:def:20091075
Revision Date: 2009-05-27
Version: 645
Title: RHSA-2009:1075: httpd security update (Moderate)
Description: The Apache HTTP Server is a popular and freely-available Web server.

  • A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678)

    Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version.

  • A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195)

    All httpd users should upgrade to these updated packages, which contain backported patches to resolve these issues. Users must restart httpd for this update to take effect.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2008-1678
    CVE-2009-1195
    RHSA-2009:1075
    RHSA-2009:1075-01
    Platform(s): Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • httpd is earlier than 0:2.2.3-22.el5_3.1
  • AND httpd is signed with Red Hat redhatrelease2 key
  • httpd-devel is earlier than 0:2.2.3-22.el5_3.1
  • AND httpd-devel is signed with Red Hat redhatrelease2 key
  • httpd-manual is earlier than 0:2.2.3-22.el5_3.1
  • AND httpd-manual is signed with Red Hat redhatrelease2 key
  • mod_ssl is earlier than 1:2.2.3-22.el5_3.1
  • AND mod_ssl is signed with Red Hat redhatrelease2 key