- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0247 - mod_revocator bug fix update
Synopsis
mod_revocator bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated mod_revocator packages that fix four bugs are now available for Red Hat Enterprise Linux 5.
Description
The mod_revocator module retrieves and installs remote Certificate Revocation Lists (CRLs) into an Apache web server.
This update fixes the following bugs:
-
Prior to this update, the mod_revoc module could not shut down the httpd server on 32-bit platforms and the error log infinitely reported the error message "service httpd status httpd (pid ) when an expired CRL was downloaded. This update modifies mod_revocator so that the httpd server can correctly shut down and the error log now reports the error message "service httpd status httpd dead but subsys locked". (716355)
-
Prior to this update, the mod_revoc module could not shut down the httpd server on 32-bit platforms when CRLUpdate failed. This update modifies mod_revocator so that the httpd server can correctly shut down when updating the CRL fails. (716361)
-
Prior to this update, httpd failed to start if the 32-bit mod_revocator was installed on a 64-bit PowerPC platform. This update modifies the initialization size of the static array. Now, httpd servicestarts as expected. (716874)
-
Prior to this update, CRLs could, under certain circumsatances, silently fail to be downloaded without any error message when the mod_revocator module was loaded successfully. This update resolves two segmentation violations. In addition, the setsebool -P httpd_can_network_connect=1 command can now be used to allow httpd to connect to a remote port which SELinux would otherwise deny when running mod_revocator. Now, CRLs are downloaded correctly when the mod_revocator module is running. (737556)
All users of mod_revocator are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
Updated Packages
- mod_revocator-1.0.3-9.el5.ppc.rpm
- mod_revocator-1.0.3-9.el5.x86_64.rpm
- mod_revocator-1.0.3-9.el5.s390x.rpm
- mod_revocator-1.0.3-9.el5.src.rpm
- mod_revocator-1.0.3-9.el5.i386.rpm
- mod_revocator-1.0.3-9.el5.ia64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.