[SECURITY] Fedora Core 1 Update: httpd-2.0.49-1.1

Joe Orton jorton at redhat.com
Tue May 25 13:18:15 UTC 2004 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-117
2004-05-25
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : httpd
Version     : 2.0.49                      
Release     : 1.1                  
Summary     : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.

---------------------------------------------------------------------
Update Information:

This update includes the latest stable release of Apache httpd 2.0,
including a security fix for a memory leak in mod_ssl which can be
triggered remotely (CVE CAN-2004-0113), and a fix for escaping of error
log output (CVE CAN-2003-0020).

This update also includes an enhanced version of the mod_cgi module
which fixes a long-standing bug in the handling of stderr output during
CGI script execution.
--------------------------------------------------------------------- 

* Fri May 07 2004 Joe Orton <jorton at redhat.com> 2.0.49-1.1

- fix 2.0.48's httpd loading 2.0.49's mod_expires.so

* Fri May 07 2004 Joe Orton <jorton at redhat.com> 2.0.49-1.0

- update to 2.0.49 (thanks to Robert Scheck, #118798)
- make "noindex" page valid XHTML 1.1 (Pascal Volk, #122020)
- restore /etc/httpd/build/libtool symlink (#113720)
- mod_cgi: backport fixes for stderr handling (upstream #22030)
- mod_dav: misc improvements
- add rgetline NUL-termination fixes (Tsurutani Naoki, upstream #28376)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

b008b66b5af9ce253a53a805919a6814  SRPMS/httpd-2.0.49-1.1.src.rpm
f047f09af00b168af1b67ce4ff377c39  i386/httpd-2.0.49-1.1.i386.rpm
52befed28d29860131a578615c2a4ff1  i386/httpd-devel-2.0.49-1.1.i386.rpm
2915df9769773493e82472ce5dfe84dc  i386/httpd-manual-2.0.49-1.1.i386.rpm
d943e6a34e9dbf1df956f9b98faf9e36  i386/mod_ssl-2.0.49-1.1.i386.rpm
7a59a2e8e05ae55d188c6eeaa2b57e3d  i386/debug/httpd-debuginfo-2.0.49-1.1.i386.rpm
89d28478a3a3fa06872aa5a5c4738d08  x86_64/httpd-2.0.49-1.1.x86_64.rpm
4b08a98a31db3e9b4b7482d63b107e18  x86_64/httpd-devel-2.0.49-1.1.x86_64.rpm
d553b52be3170277f528289ea1fc8eef  x86_64/httpd-manual-2.0.49-1.1.x86_64.rpm
b0a67133622538b4d3137114dba3ad04  x86_64/mod_ssl-2.0.49-1.1.x86_64.rpm
479c2ccc1fada2efde2ba409c9058d75  x86_64/debug/httpd-debuginfo-2.0.49-1.1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

More information about the announce mailing list