| Description: | Summary:
The remote host is missing an update for the 'httpd' package(s) announced via the ELSA-2013-0130 advisory.
Vulnerability Insight:
[2.2.3-74.0.1.el5]
- fix mod_ssl always performing full renegotiation (Joe Jin) [orabug 12423387]
- replace index.html with Oracle's index page oracle_index.html
- update vstring and distro in specfile
[2.2.3-74]
- further %post scriptlet fix (#752618, #867736)
[2.2.3-73]
- fix %post scriptlet output (#752618, #867736)
[2.2.3-72]
- add security fix for CVE-2008-0456
[2.2.3-71]
- add security fix for CVE-2012-2687 (#850794)
[2.2.3-70]
- relax checks for status-line validity (#853128)
[2.2.3-69]
- mod_cache: fix header merging for 304 case, thanks to Roy Badami (#845532)
- correct CVE reference in old changelog entry (#849160)
[2.2.3-68]
- mod_ssl: add _userID DN variable suffix for NID_userId (#840036)
- fix handling of long chunk-line (#840845)
- omit %posttrans daemon restart if
/etc/sysconfig/httpd-disable-posttrans exists (#833042)
[2.2.3-67]
- add server aliases to 'httpd -S' output (#833043)
- LSB compliance fixes for init script (#783242)
- mod_ldap: add LDAPReferrals directive alias (#727342)
[2.2.3-66]
- check if localhost.key is valid (#752618)
- mod_proxy_ajp: honour ProxyErrorOverride (#767890)
- mod_ssl: fixed start with FIPS 140-2 mode enabled (#773473)
Affected Software/OS:
'httpd' package(s) on Oracle Linux 5.
Solution:
Please install the updated package(s).
CVSS Score:
4.3
CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
