---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Fedora update for httpd SECUNIA ADVISORY ID: SA26842 VERIFY ADVISORY: http://secunia.com/advisories/26842/ CRITICAL: Less critical IMPACT: Exposure of sensitive information, DoS WHERE: >From remote OPERATING SYSTEM: Fedora 7 http://secunia.com/product/15552/ DESCRIPTION: Fedora has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information. 1) An error in the mod_cache module in the handling of Cache-Control headers can be exploited to crash the child process via specially crafted requests. This could lead to a DoS when using a threaded Multi-Processing Module. 2) An error within the handling of headers from cache pool objects in the mod_mem_cache module can be exploited to disclose potentially sensitive information. 2) An error in the mod_proxy module can be exploited to cause a DoS. For more information: SA26636 SOLUTION: Apply updated packages. d3dc55a160abd41a5fdbbc689bf76e67cbde0fb3 mod_ssl-2.2.6-1.fc7.ppc64.rpm b562daa6ae5da6a74d4544cc409bb98228d68f73 httpd-manual-2.2.6-1.fc7.ppc64.rpm 7a6dfad974a0654d24eb0b86126185b1473b9cc0 httpd-devel-2.2.6-1.fc7.ppc64.rpm c185775aa8f5365d92bccfd2d2120816c411899f httpd-debuginfo-2.2.6-1.fc7.ppc64.rpm 40cf855f357b2fa7ecccc924391d410c7cf5e11b httpd-2.2.6-1.fc7.ppc64.rpm bfd502227b6ed79919ea57542624e79ee1e9e03a httpd-debuginfo-2.2.6-1.fc7.i386.rpm 35228e52ec153db2369faf4bbce8a2725b9966be httpd-2.2.6-1.fc7.i386.rpm 19b15128544ec142f176466b6702c906e55ea4d5 httpd-manual-2.2.6-1.fc7.i386.rpm 3403ae305ada347f42680c8f2efdad0500162d08 httpd-devel-2.2.6-1.fc7.i386.rpm d6a992100e0210816d454231ee799904c1640353 mod_ssl-2.2.6-1.fc7.i386.rpm cb8d2c1e49c178ef746bb163541c661563dec613 httpd-debuginfo-2.2.6-1.fc7.x86_64.rpm 670249aeaad497e1a3724aca07ede36f3dcc4be5 httpd-manual-2.2.6-1.fc7.x86_64.rpm 0112f1ffc5ad2838e07eaad1ab4d6091fce52fc4 mod_ssl-2.2.6-1.fc7.x86_64.rpm 96839c8f4500a5cb3fc19b7bfb6084eb91741a91 httpd-devel-2.2.6-1.fc7.x86_64.rpm 624bd35e9b25ea2ec2c826ed18124381e1cdc146 httpd-2.2.6-1.fc7.x86_64.rpm 95e48ce1ef3989a75ba4b73143a8c4a3fd8a4c2b httpd-manual-2.2.6-1.fc7.ppc.rpm e34e3a2ba6b3e2b3dfe9ad9255b6d1b94ca3d83f httpd-devel-2.2.6-1.fc7.ppc.rpm 90105174aafd89add6427b3a13d22d141ba27175 httpd-debuginfo-2.2.6-1.fc7.ppc.rpm 1d2531d00259b7e3f068559e88d57cf02407c438 mod_ssl-2.2.6-1.fc7.ppc.rpm e38b8d541b3a8872e94e85580a8044db3dcb9733 httpd-2.2.6-1.fc7.ppc.rpm 011fe8f7f89bbe992f956c0cc48f50ba8e9dd140 httpd-2.2.6-1.fc7.src.rpm ORIGINAL ADVISORY: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html OTHER REFERENCES: SA26636: http://secunia.com/advisories/26636/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------