httpd security, bug fix, and enhancement update

2.2.15-45.0.1 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-45 - modproxybalancer: add support for 'drain mode' N 767130 2.2.15-44 - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES 1086771 2.2.15-43 - revert DirectoryMatch patc...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:1249 Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scori...

F5 Networks BIG-IP : Apache HTTPD vulnerability (SOL16907)

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

SOL16907 - Apache HTTPD vulnerability CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

RedHat Update for httpd RHSA-2015:1249-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : httpd (RHSA-2015:1249)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1249 advisory. - httpd: bypass of modheaders rules via chunked requests CVE-2013-5704 Note that Nessus has not tested for this issue but has instead relied only on...

Fedora 22 : httpd-2.4.16-1.fc22 (2015-11689)

Update to new version 2.4.16. This update fixed various bugs as well as few security issues. For full changelog, see http://www.apache.org/dist/httpd/CHANGES2.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

Fedora Update for httpd FEDORA-2015-11689

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

[slackware-security] httpd (SSA:2015-198-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security httpd SSA:2015-198-01 New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

Slackware 14.0 / 14.1 / current : httpd (SSA:2015-198-01)

New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-198-01. The text itself is copyright C...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/httpd-2.4.16-i486-1slack14.1.txz: Upgraded. This update fixes the following security issues: CVE-2015-0253: Fix a crash with...

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20150709)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. CVE-2015-4024 An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP...

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

Important: Red Hat Security Advisory: rh-php56-php security update

Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.41-i486-1slack14.1.txz: Upgraded. This update fixes some bugs and security issues. For more information, see:...

Fedora Update for httpd FEDORA-2015-9216

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: php55 security and bug fix update

Updated php55 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

php: pipelined request executed in deinitialized interpreter under httpd 2.4

A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code...

Fedora 21 : httpd-2.4.12-1.fc21 (2015-9216)

Update to new version 2.4.12. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...