Issued: 2011-12-06
Updated: 2011-12-06

RHBA-2011:1630 - httpd bug fix update


Synopsis

httpd bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated httpd packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

The Apache HTTP Server is a popular web server.

These updated httpd packages provide fixes for the following bugs:

  • The Apache module "mod_proxy" implements a proxy or gateway for the Apache web server. The "ProxyErrorOverride On" option did not work if used with "mod_proxy_ajp", the AJP support module for mod_proxy. Consequently, when accessing a 404 URL in the "/static" context, which was proxied with AJP, the 404 page from the proxy was displayed rather than the 404 page from Apache itself. This update corrects the code and accessing 404 URLs now works as intended, via Apache, as defined in "ErrorDocument". (BZ#694939)

  • When a backend server sends data via SSL, and is using chunked transfer encoding, the backend splits the chunk between two different SSL blocks. Prior to this update, when transferring data via SSL through a reverse proxy implemented with Apache, "mod_proxy", and "mod_ssl", the end of the first SSL block was sometimes lost and the length of the next chunk was thus invalid. Consequently, files were sometimes corrupted during transfer via SSL. This update implements a backported fix for this problem and the error no longer occurs. (BZ#700074)

  • The "FilterProvider" directive of the "mod_filter" module was unable to match against non-standard HTTP response headers. Consequently, output content data was not filtered or processed as expected by httpd in certain configurations. With this update, a backported patch has been applied to address this issue, and the FilterProvider directive is now able to match against non-standard HTTP response headers as expected. (BZ#700075)

  • In situations where httpd could not allocate memory, httpd sometimes terminated unexpectedly with a segmentation fault rather than terminating the process with an error message. With this update, a patch has been applied to correct this issue and httpd no longer crashes in the scenario described. (BZ#700393)

  • Server Name Indication (SNI) sends the name of the virtual domain as part of the TLS negotiation. Prior to this enhancement, if a client sent the wrong SNI data, the client would be rejected. With this update, in configurations where SNI is not required, "mod_ssl" can ignore the SNI hostname "hint". (BZ#714704)

  • Prior to this update, httpd terminated unexpectedly on startup with a segmentation fault when proxy client certificates were shared across multiple virtual hosts (using the SSLProxyMachineCertificateFile directive). With this update, a patch has been applied and httpd no longer crashes in the scenario described. (BZ#720980)

  • When the "SSLCryptoDevice" config variable in "ssl.conf" was set to an unknown or invalid value, the httpd daemon would terminate unexpectedly with a segmentation fault at startup. With this update, the code has been corrected, httpd no longer crashes, and httpd will issue an appropriate error message in this scenario. (BZ#729585)

  • If using mod_proxy_ftp, an httpd process could terminate unexpectedly with a segmentation fault when tests were made on an IPv6 localhost enabled machine. This update implements improvements to the code and the mod_proxy_ftp process no longer crashes in the scenario described. (BZ#737960)

  • When using the "mod_cache" module, by default, the "CacheMaxExpire" directive is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update applies a patch which adapts the mod_cache module to provide support for "hard" as a second argument of the CacheMaxExpire directive, allowing a maximum expiry time to be enforced for all resources. (BZ#740242)

  • The "mod_reqtimeout" module, when enabled, allows fine-grained timeouts to be applied during request parsing. The mod_reqtimeout module has been backported from upstream in this update. (BZ#676634)

All users of httpd are advised to upgrade to these updated packages, which fix these bugs.
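
The chunked-transfer item above (BZ#700074) comes down to a decoder that must carry unconsumed bytes from one block into the next. The following sketch is an added example, not httpd or mod_proxy code; the class, function names and sample body are constructed for illustration. It decodes a chunked body correctly for every possible two-block split and shows that dropping the last byte of the first block makes the next chunk length invalid.

```python
# Added illustration with hypothetical names; not httpd or mod_proxy code.
import re

class ChunkedDecoder:
    """Incremental chunked-body decoder that buffers across block boundaries."""
    def __init__(self):
        self.buf = b""          # bytes received but not yet consumed
        self.remaining = None   # size of the chunk being read; None = expecting a size line
        self.body = bytearray()
        self.done = False

    def feed(self, block):
        self.buf += block
        while not self.done:
            if self.remaining is None:
                eol = self.buf.find(b"\r\n")
                if eol < 0:
                    return      # size line split across blocks: keep the partial line
                field = self.buf[:eol].split(b";", 1)[0].strip()
                if not re.fullmatch(rb"[0-9A-Fa-f]+", field):
                    raise ValueError("invalid chunk size %r" % field)
                self.buf = self.buf[eol + 2:]
                self.remaining = int(field, 16)
                self.done = self.remaining == 0   # last-chunk; trailers ignored here
            else:
                n = self.remaining
                if len(self.buf) < n + 2:
                    return      # chunk data or its CRLF not complete yet
                if self.buf[n:n + 2] != b"\r\n":
                    raise ValueError("chunk data not followed by CRLF")
                self.body += self.buf[:n]
                self.buf, self.remaining = self.buf[n + 2:], None

def decode(blocks):
    d = ChunkedDecoder()
    for b in blocks:
        d.feed(b)
    if not d.done:
        raise ValueError("body truncated before last-chunk")
    return bytes(d.body)

# Constructed sample body: two chunks (5 and 0x1a bytes) plus the terminator.
WIRE = b"5\r\nhello\r\n1a\r\n" + b"x" * 26 + b"\r\n0\r\n\r\n"

def split_everywhere(wire):   # every two-block split must decode identically
    return {decode([wire[:i], wire[i:]]) for i in range(len(wire) + 1)}

def lose_block_tail(wire, cut):   # model the bug: last byte of block 1 is dropped
    return decode([wire[:cut - 1], wire[cut:]])
```

Calling `lose_block_tail(WIRE, 12)` raises `ValueError`, because the size line `1a` is read as `1` and the chunk data no longer ends where the declared length says it should.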

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Product | Version | Arch
Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64
Red Hat Enterprise Linux for Power, big endian | 6 | ppc64
Red Hat Enterprise Linux for IBM z Systems | 6 | s390x
Red Hat Enterprise Linux Workstation | 6 | x86_64
Red Hat Enterprise Linux Workstation | 6 | i386
Red Hat Enterprise Linux Server | 6 | x86_64
Red Hat Enterprise Linux Server | 6 | i386
Red Hat Enterprise Linux Server from RHUI | 6 | x86_64
Red Hat Enterprise Linux Server from RHUI | 6 | i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x
Red Hat Enterprise Linux Desktop | 6 | x86_64
Red Hat Enterprise Linux Desktop | 6 | i386

Updated Packages

  • httpd-2.2.15-15.el6.src.rpm
  • httpd-devel-2.2.15-15.el6.ppc64.rpm
  • httpd-debuginfo-2.2.15-15.el6.x86_64.rpm
  • httpd-tools-2.2.15-15.el6.ppc64.rpm
  • httpd-debuginfo-2.2.15-15.el6.s390.rpm
  • mod_ssl-2.2.15-15.el6.s390x.rpm
  • mod_ssl-2.2.15-15.el6.i686.rpm
  • httpd-tools-2.2.15-15.el6.i686.rpm
  • httpd-2.2.15-15.el6.i686.rpm
  • httpd-devel-2.2.15-15.el6.x86_64.rpm
  • httpd-debuginfo-2.2.15-15.el6.i686.rpm
  • httpd-devel-2.2.15-15.el6.i686.rpm
  • mod_ssl-2.2.15-15.el6.ppc64.rpm
  • httpd-debuginfo-2.2.15-15.el6.s390x.rpm
  • httpd-2.2.15-15.el6.s390x.rpm
  • httpd-devel-2.2.15-15.el6.ppc.rpm
  • httpd-tools-2.2.15-15.el6.s390x.rpm
  • httpd-devel-2.2.15-15.el6.s390.rpm
  • httpd-2.2.15-15.el6.ppc64.rpm
  • httpd-tools-2.2.15-15.el6.x86_64.rpm
  • mod_ssl-2.2.15-15.el6.x86_64.rpm
  • httpd-debuginfo-2.2.15-15.el6.ppc.rpm
  • httpd-devel-2.2.15-15.el6.s390x.rpm
  • httpd-2.2.15-15.el6.x86_64.rpm
  • httpd-manual-2.2.15-15.el6.noarch.rpm
  • httpd-debuginfo-2.2.15-15.el6.ppc64.rpm

Fixes

CVEs

(none)

References

(none)

