Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: httpd security, bug fix, and enhancement update
Advisory ID: RHSA-2007:0747-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0747.html
Issue date: 2007-11-15
Updated on: 2007-11-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-3847
- ---------------------------------------------------------------------

1. Summary:

Updated httpd packages that fix a security issue, various bugs, and add
enhancements are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module. (CVE-2007-3847)

As well, these updated packages fix the following bugs:

* the default "/etc/logrotate.d/httpd" script incorrectly invoked the kill
command, instead of using the "/sbin/service httpd restart" command. If you
configured the httpd PID to be in a location other than
"/var/run/httpd.pid", the httpd logs failed to be rotated. This has been
resolved in these updated packages.

* Set-Cookie headers with a status code of 3xx are not forwarded to
clients when the "ProxyErrorOverride" directive is enabled. These
responses are overridden at the proxy. Only the responses with status
codes of 4xx and 5xx are overridden in these updated packages.

* mod_proxy did not correctly handle percent-encoded characters (ie %20)
when configured as a reverse proxy.

* invalid HTTP status codes could be logged if output filters returned
errors.

* the "ProxyTimeout" directive was not inherited across virtual host
definitions.

* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com.

This update adds the following enhancements:

* a new configuration option has been added, "ServerTokens Full-Release",
which adds the package release to the server version string, which is
returned in the "Server" response header.

* a new module has been added, mod_version, which allows configuration
files to be written containing sections, which are evaluated only if the
version of httpd used matches a specified condition.

Users of httpd are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173467 - windowsupdate.microsoft.com does not work with mod_proxy
197915 - %>s incorrectly logs status code as 70007 - default handler returns output filter apr_status_t value
233254 - mod_proxy not handling percent chars in URLs correctly
240022 - Mod_proxy_http ProxyErrorOverride eating cookies
241407 - logrotate.d/httpd postrotate must use initscripts
242920 - Reverse Proxy Unexpected Timeout
248696 - Identify httpd version to configuration
250731 - CVE-2007-3847 httpd out of bounds read

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

ppc:
e210ee818047bab954d1edd66f5b6a86 httpd-2.0.52-38.ent.ppc.rpm
fd817e6b5cc96496bc567201ef8a8572 httpd-debuginfo-2.0.52-38.ent.ppc.rpm
79ebbe88ca05c2118bc170597b47ec66 httpd-devel-2.0.52-38.ent.ppc.rpm
64edf3e07c9b4c44e25c3b32cdd2c7a6 httpd-manual-2.0.52-38.ent.ppc.rpm
59434fe63aaa50b78081328a42d0a3cb httpd-suexec-2.0.52-38.ent.ppc.rpm
7b1aa9ff784abc0505463a51c7cc7a3e mod_ssl-2.0.52-38.ent.ppc.rpm

s390:
8e051d2f7eb66e09b656b9027aa4107a httpd-2.0.52-38.ent.s390.rpm
e0b951a481fd759b9ab800c9b9cf11fb httpd-debuginfo-2.0.52-38.ent.s390.rpm
2b70fcfe40d17f7cd8ef27dade54bb3e httpd-devel-2.0.52-38.ent.s390.rpm
4ec9ca1ba9713993fed46a7eaba5a0a3 httpd-manual-2.0.52-38.ent.s390.rpm
a2e67e1c60caa12e64614bf6d159d95f httpd-suexec-2.0.52-38.ent.s390.rpm
0853b38c906c53890871865dd4023aef mod_ssl-2.0.52-38.ent.s390.rpm

s390x:
f8e62317f8fdfb09d3c31be388bd5d12 httpd-2.0.52-38.ent.s390x.rpm
ba701e454dc885d7f3f775f70e1c7752 httpd-debuginfo-2.0.52-38.ent.s390x.rpm
c9cdf84dfd5066a7d6d8752c160ecdc0 httpd-devel-2.0.52-38.ent.s390x.rpm
b93c030074049ca4cd7a1f46c0f14485 httpd-manual-2.0.52-38.ent.s390x.rpm
c4b00eefd718d03c324a4d6cd4ceb82a httpd-suexec-2.0.52-38.ent.s390x.rpm
f2e5fffbceb41ba8921789b84454164c mod_ssl-2.0.52-38.ent.s390x.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/httpd-2.0.52-38.ent.src.rpm
30f125952a08e957d2f346c30ef7e7e7 httpd-2.0.52-38.ent.src.rpm

i386:
f95b69b489d295ef96739a29757f55f2 httpd-2.0.52-38.ent.i386.rpm
42d59887a92689c9f81ff10cf626793d httpd-debuginfo-2.0.52-38.ent.i386.rpm
f2fff3fd377adc85d0bed311e2e0f45c httpd-devel-2.0.52-38.ent.i386.rpm
af796b5d498e912c27879906f0d7b9a1 httpd-manual-2.0.52-38.ent.i386.rpm
22c3deae4f0d49aa0051df04ce787de4 httpd-suexec-2.0.52-38.ent.i386.rpm
098b7c0ec963fd46a9db7aa43c7641a7 mod_ssl-2.0.52-38.ent.i386.rpm

ia64:
cdce256cd1151d5d3e6b4bc7b8e52780 httpd-2.0.52-38.ent.ia64.rpm
0f15a50cebaf5efbc523419eee3e4f18 httpd-debuginfo-2.0.52-38.ent.ia64.rpm
405b21207461558c006ae8536cd27ef4 httpd-devel-2.0.52-38.ent.ia64.rpm
e94df07dab0db9d976c7970e6ced9583 httpd-manual-2.0.52-38.ent.ia64.rpm
75646a0496eda2196eff7529f983c538 httpd-suexec-2.0.52-38.ent.ia64.rpm
58ab32351e3ecf0e0fd93d1ea4d86c85 mod_ssl-2.0.52-38.ent.ia64.rpm

x86_64:
55c8b892978b926e42afd60af24b3749 httpd-2.0.52-38.ent.x86_64.rpm
6b4d6a9e4fd6c159596891743d0ccfe0 httpd-debuginfo-2.0.52-38.ent.x86_64.rpm
cc62fc81c664900fd66a4b25f30d1046 httpd-devel-2.0.52-38.ent.x86_64.rpm
2574c6993386378b9dd9c1f033c0830f httpd-manual-2.0.52-38.ent.x86_64.rpm
c901932e63e90f060a13bcaff5dbe665 httpd-suexec-2.0.52-38.ent.x86_64.rpm
d5abe5155f7e86d6c3551358da6659e9 mod_ssl-2.0.52-38.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHPGCDXlSAg2UNWIIRAmkCAJ4l5qrEN/JgZFf3Z5OPs56nAqYWlACgrwm6
dbX4aTfmevBEGAkI2H0QCzE=
=eIln
-----END PGP SIGNATURE-----