Important Photon OS Security Update - PHSA-2017-0057

Updates of 'httpd' packages of Photon OS have been released...

SA154: Apache httpd Vulnerabilities June 2017

SUMMARY Symantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker, with access to the management interface, can cause denial of service through application crashes or bypass required authentication. AFFECTE...

Fedora 25 : httpd (2017-9ded7c5670)

File /etc/sysconfig/httpd is ghosted now ---- Version update ---- Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...

CVE-2016-6312

The moddontdothat component of the moddavsvn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...

Code injection

The moddontdothat component of the moddavsvn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...

Fedora 26 : httpd (2017-81976b6a91)

Security fix for CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...

Fedora Update for httpd FEDORA-2017-9ded7c5670

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache httpd 'mod_auth_digest' memory corruption vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation. A security vulnerability in Apache HTTP Server modauthdigest allows remote attackers to exploit the vulnerability to submit a special request, obtain sensitive information, conduct a denial of service attack, or...

Apache httpd 'mod_http2' Denial of Service Vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation. A security vulnerability in the Apache httpd HTTP/2 processing code allows remote attackers to conduct denial-of-service attacks by submitting special requests and in some cases closing multiple connections...

Fedora Update for httpd FEDORA-2017-cf9599a306

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for httpd CESA-2017:1721 centos6

Check the version of httpd SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882751";...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-194-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-194-01. The tex...

[slackware-security] httpd

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.27-i586-1slack14.2.txz: Upgraded. This update fixes two security issues: Read after free in...

Design/Logic Flaw

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...

Code injection

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...

CVE-2017-9789

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...

CVE-2017-9789

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...