RHSA-2007:0662-01 Moderate: httpd security update
Posted on: 07/13/2007 05:25 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2007:0662-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0662.html
Issue date: 2007-07-13
Updated on: 2007-07-13
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3304
- ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular Web server.

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service. (CVE-2007-3304).

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct this issue. Users should restart Apache
after installing this update.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

245111 - CVE-2007-3304 httpd scoreboard lack of PID protection

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
04de0fb255872ee653842ca34316ad31 httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7 httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935 httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20 httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16 httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48 httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d mod_ssl-2.0.46-68.ent.ia64.rpm

ppc:
42f51fe41d491ace05c74ca17d78fe46 httpd-2.0.46-68.ent.ppc.rpm
c0ec46f9857bdc714e8f966e15897a37 httpd-debuginfo-2.0.46-68.ent.ppc.rpm
a09210d5c9e0912f6299ad1c5f4c0bec httpd-devel-2.0.46-68.ent.ppc.rpm
0e4dfbe87cabee593054d7ca4627073b mod_ssl-2.0.46-68.ent.ppc.rpm

s390:
558efe236ba18cf1cebe60bfc9a356f9 httpd-2.0.46-68.ent.s390.rpm
a1ed197ac28cabc678b0b232fedba518 httpd-debuginfo-2.0.46-68.ent.s390.rpm
a908d0d57a07d7e574c8aeda7e0dc8d1 httpd-devel-2.0.46-68.ent.s390.rpm
b8b21f7acd5fd8e277d0b2261dbba9d1 mod_ssl-2.0.46-68.ent.s390.rpm

s390x:
988d27fe858348482b019927bc5db50a httpd-2.0.46-68.ent.s390x.rpm
f8f60b0a404a7121b53c06770444aea8 httpd-debuginfo-2.0.46-68.ent.s390x.rpm
0dadb504ce4aea5a65e97530d91f01f4 httpd-devel-2.0.46-68.ent.s390x.rpm
5f64f5d1510bff857dbd6e2e2a1ec221 mod_ssl-2.0.46-68.ent.s390x.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5 httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
04de0fb255872ee653842ca34316ad31 httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7 httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935 httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f mod_ssl-2.0.46-68.ent.i386.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5 httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
04de0fb255872ee653842ca34316ad31 httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7 httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935 httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20 httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16 httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48 httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d mod_ssl-2.0.46-68.ent.ia64.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5 httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-68.ent.src.rpm
04de0fb255872ee653842ca34316ad31 httpd-2.0.46-68.ent.src.rpm

i386:
45c45a284cdab73aeebb862525f2ede7 httpd-2.0.46-68.ent.i386.rpm
bad211e4329922e6ec4c3084c155587d httpd-debuginfo-2.0.46-68.ent.i386.rpm
7de1d694f50b018a3ef0c75d82239935 httpd-devel-2.0.46-68.ent.i386.rpm
8ed0d653d5a77352750851fd7a1bf31f mod_ssl-2.0.46-68.ent.i386.rpm

ia64:
926247832f94dfd72401b05f525f2e20 httpd-2.0.46-68.ent.ia64.rpm
a40731fb4e87bf735fcd5bb647b0cf16 httpd-debuginfo-2.0.46-68.ent.ia64.rpm
47168f2b3cb197eec527331e166e0a48 httpd-devel-2.0.46-68.ent.ia64.rpm
87477843557016c9c84f34c68500175d mod_ssl-2.0.46-68.ent.ia64.rpm

x86_64:
5e2133732637c3d68f5c18159689cd5a httpd-2.0.46-68.ent.x86_64.rpm
92616d06d35472e3514e28a35d6071d5 httpd-debuginfo-2.0.46-68.ent.x86_64.rpm
305cbfae95e99237871c54f74a92ee4b httpd-devel-2.0.46-68.ent.x86_64.rpm
7b617b1877d5c84d54b619fda1da2c6e mod_ssl-2.0.46-68.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
98d72890a6b6ca504b3a4117b39a9cb8 httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942 httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24 httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166 httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27 mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105 httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28 httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484 httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d mod_ssl-2.0.52-32.3.ent.ia64.rpm

ppc:
cb7e74df0b687d41515c00aa6c2f7f20 httpd-2.0.52-32.3.ent.ppc.rpm
be4924f953a80558ad60969382414d2b httpd-debuginfo-2.0.52-32.3.ent.ppc.rpm
46d384d93a7001f25c11f934d25afdbe httpd-devel-2.0.52-32.3.ent.ppc.rpm
6473cc4f012c92370f94b14c461c5939 httpd-manual-2.0.52-32.3.ent.ppc.rpm
95257fffaee90696acc675000f2534cd httpd-suexec-2.0.52-32.3.ent.ppc.rpm
82e75075008ad95c8069354f968bf4ec mod_ssl-2.0.52-32.3.ent.ppc.rpm

s390:
304dae15da3cb2f2b1a88bca696ab205 httpd-2.0.52-32.3.ent.s390.rpm
71eced2b9f805c347c3103a0d3062c7f httpd-debuginfo-2.0.52-32.3.ent.s390.rpm
ce3b6afc7f6f6d55fe72fa70141c4204 httpd-devel-2.0.52-32.3.ent.s390.rpm
27ce295c7088caeb41a9431653c0e778 httpd-manual-2.0.52-32.3.ent.s390.rpm
55c10fb0b5242f499300f793fb17f650 httpd-suexec-2.0.52-32.3.ent.s390.rpm
df04d6a0aa1b49e02fb72030cd3d538c mod_ssl-2.0.52-32.3.ent.s390.rpm

s390x:
5581919570c0644978581fab6fa5ed12 httpd-2.0.52-32.3.ent.s390x.rpm
26d74722b0622e9862115111a72e77e2 httpd-debuginfo-2.0.52-32.3.ent.s390x.rpm
e33cf6da4e4a25d4ebe58f73d39be7fa httpd-devel-2.0.52-32.3.ent.s390x.rpm
f8692011da91875de1195449c7fce3b8 httpd-manual-2.0.52-32.3.ent.s390x.rpm
edca1601a6d67a4c586d674f384a8742 httpd-suexec-2.0.52-32.3.ent.s390x.rpm
92f65dcb29479c9c10eb8aeaaef6e900 mod_ssl-2.0.52-32.3.ent.s390x.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376 httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9 httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224 httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
98d72890a6b6ca504b3a4117b39a9cb8 httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942 httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24 httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166 httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27 mod_ssl-2.0.52-32.3.ent.i386.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376 httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9 httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224 httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
98d72890a6b6ca504b3a4117b39a9cb8 httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942 httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24 httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166 httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27 mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105 httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28 httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484 httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d mod_ssl-2.0.52-32.3.ent.ia64.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376 httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9 httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224 httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c mod_ssl-2.0.52-32.3.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-32.3.ent.src.rpm
98d72890a6b6ca504b3a4117b39a9cb8 httpd-2.0.52-32.3.ent.src.rpm

i386:
3d49e62ddef5e26af310e695e1c85942 httpd-2.0.52-32.3.ent.i386.rpm
5c9d1e61a6dce01cf4a0ea0a8f13aaeb httpd-debuginfo-2.0.52-32.3.ent.i386.rpm
7cd552fd590b098795e96eb44a319a24 httpd-devel-2.0.52-32.3.ent.i386.rpm
b6b8a6a9aeda14dcc1e1002ae75ff166 httpd-manual-2.0.52-32.3.ent.i386.rpm
259e29621f37bc98f7414459a6d0a7ba httpd-suexec-2.0.52-32.3.ent.i386.rpm
acaeb0a82c710af77ff3948736774a27 mod_ssl-2.0.52-32.3.ent.i386.rpm

ia64:
6e7bf610578b828450e32e23855f180a httpd-2.0.52-32.3.ent.ia64.rpm
e6311ddc9e353a3ff905120d3d9dab2a httpd-debuginfo-2.0.52-32.3.ent.ia64.rpm
fa6524d8755fbe467f4b122c1fc5d105 httpd-devel-2.0.52-32.3.ent.ia64.rpm
f073506a8dda759b9d806c4ff2ff7d28 httpd-manual-2.0.52-32.3.ent.ia64.rpm
f127172ad25744bcb4584240aa2e3484 httpd-suexec-2.0.52-32.3.ent.ia64.rpm
b5e97f1a2ae1da9fa04ae6af00766f1d mod_ssl-2.0.52-32.3.ent.ia64.rpm

x86_64:
6e2eefa4b8cc1ab593792107718256af httpd-2.0.52-32.3.ent.x86_64.rpm
87c9dd6919e674f477377c25fe5e0376 httpd-debuginfo-2.0.52-32.3.ent.x86_64.rpm
92ec83cb5f718fdcfe430e61662bcfae httpd-devel-2.0.52-32.3.ent.x86_64.rpm
d134b7e7091f1be16435cd76241bf6d9 httpd-manual-2.0.52-32.3.ent.x86_64.rpm
ea93db5243587f9e2043fa4f0b109224 httpd-suexec-2.0.52-32.3.ent.x86_64.rpm
5de43b0430642a8c1ac2d900db03a58c mod_ssl-2.0.52-32.3.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGlzHyXlSAg2UNWIIRAiB3AKCRf+MAPjGBveIANDueO2oYfrrluwCfVXBq
u4aaozmmRnyJBnRx0AQXeMg=
=JYjx
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070662_01_moderate_httpd_security_update.html)