Description: The remote host is missing updates announced in advisory RHSA-2009:1075.
The Apache HTTP Server is a popular and freely-available Web server.
A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678)
Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version.
A flaw was found in the handling of the Options and AllowOverride directives. In configurations using the AllowOverride directive with certain Options= arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195)
All httpd users should upgrade to these updated packages, which contain backported patches to resolve these issues. Users must restart httpd for this update to take effect.
Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P