-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: httpd security update
Advisory ID:       RHSA-2007:0662-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0662.html
Issue date:        2007-07-13
Updated on:        2007-07-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-3304
- ---------------------------------------------------------------------
1. Summary:
Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The Apache HTTP Server is a popular Web server.
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service (CVE-2007-3304).
Users of httpd should upgrade to these updated packages, which contain backported patches to correct this issue. Users should restart Apache after installing this update.
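The missing check described in the problem description, as an added C illustration (not Red Hat's or the Apache project's patch). The names `safe_kill` and `try_signal_forked` are hypothetical, and the sketch assumes server workers remain in the parent's process group, so anything outside that group is refused:

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: signal `pid` only if it is plausibly one of our own
 * workers. `pid` is treated as untrusted because it was read from memory
 * that worker processes (and the scripts they run) can write to.
 * Returns 0 on success or an errno value; never signals on rejection. */
int safe_kill(pid_t pid, int sig)
{
    pid_t pg;

    /* 0, -1 and other negatives address whole process groups or every
     * process the caller may signal; a privileged parent must never
     * accept them from a shared slot. */
    if (pid < 1)
        return EINVAL;

    pg = getpgid(pid);
    if (pg == (pid_t)-1)
        return errno;           /* e.g. ESRCH: no such process */
    if (pg != getpgrp())
        return EPERM;           /* not in the server's process group */

    return kill(pid, sig) == 0 ? 0 : errno;
}

/* Constructed scenario: fork a process, optionally move it to its own
 * process group (standing in for an unrelated process), then ask
 * safe_kill() to terminate it. Returns safe_kill()'s result. */
int try_signal_forked(int foreign_group)
{
    pid_t child = fork();
    int rc;

    if (child < 0)
        return -1;
    if (child == 0)
        for (;;)
            pause();
    if (foreign_group)
        setpgid(child, child);  /* allowed until the child calls exec */
    rc = safe_kill(child, SIGTERM);
    kill(child, SIGKILL);       /* cleanup regardless of the outcome */
    waitpid(child, NULL, 0);
    return rc;
}
```

A process-group test is coarse: scripts started by a worker usually share the group, so it stops signals from reaching unrelated processes but does not prove the target is a worker.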
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
245111 - CVE-2007-3304 httpd scoreboard lack of PID protection
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Desktop version 3:
SRPMS: httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS: httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: httpd-2.0.52-32.3.ent.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: httpd-2.0.52-32.3.ent.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGlzHyXlSAg2UNWIIRAiB3AKCRf+MAPjGBveIANDueO2oYfrrluwCfVXBq
u4aaozmmRnyJBnRx0AQXeMg=
=JYjx
-----END PGP SIGNATURE-----