Issued:

2012-02-20

Updated:

2012-02-20

RHBA-2012:0261 - httpd bug fix and enhancement update

Synopsis

httpd bug fix and enhancement update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 5.

Description

The Apache HTTP Server ("httpd") is the namesake project of The Apache Software Foundation.

These updated httpd packages provide fixes for the following bugs:

• In situations when httpd could not allocate memory, httpd sometimes terminated unexpectedly with a segmentation fault rather than terminating the process with an error message. With this update, a patch has been applied to correct this bug and httpd no longer crashes in the scenario described. (BZ#700322)

• When the "SSLCryptoDevice" config variable in "ssl.conf" was set to an unknown or invalid value, the httpd daemon would terminate unexpectedly with a segmentation fault at startup. With this update the code has been corrected, httpd no longer crashes, and httpd issues an appropriate error message in this scenario. (BZ#767990)

In addition, these updated httpd packages provide the following enhancements:

• The rotatelogs program now provides a new "rotatelogs -c" option to create log files for each set interval, even if empty. (BZ#677279)

• The rotatelogs program now provides a new "rotatelogs -p" option to execute a custom program after each log rotation. (BZ#677288)

• The Apache module mod_proxy now allows changing the BalancerMember state in the web interface. (BZ#709869)

• The Apache module mod_alias now supports redirecting to a local path (that is, a partial URL). (BZ#714725)

• The Apache module mod_proxy now supports the "connectiontimeout" parameter. (BZ#719907)

• The httpd service is now automatically restarted after a package upgrade, if the service is running. (BZ#719941)

Users are advised to upgrade to these updated httpd packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Updated Packages

• httpd-2.2.3-63.el5.ia64.rpm
• httpd-manual-2.2.3-63.el5.x86_64.rpm
• mod_ssl-2.2.3-63.el5.x86_64.rpm
• mod_ssl-2.2.3-63.el5.s390x.rpm
• httpd-devel-2.2.3-63.el5.ppc64.rpm
• httpd-2.2.3-63.el5.s390x.rpm
• httpd-devel-2.2.3-63.el5.x86_64.rpm
• mod_ssl-2.2.3-63.el5.i386.rpm
• httpd-manual-2.2.3-63.el5.ppc.rpm
• httpd-manual-2.2.3-63.el5.i386.rpm
• httpd-manual-2.2.3-63.el5.s390x.rpm
• httpd-devel-2.2.3-63.el5.s390.rpm
• httpd-devel-2.2.3-63.el5.ppc.rpm
• httpd-2.2.3-63.el5.x86_64.rpm
• mod_ssl-2.2.3-63.el5.ppc.rpm
• httpd-2.2.3-63.el5.ppc.rpm
• httpd-2.2.3-63.el5.i386.rpm
• httpd-devel-2.2.3-63.el5.ia64.rpm
• httpd-2.2.3-63.el5.src.rpm
• httpd-devel-2.2.3-63.el5.s390x.rpm
• httpd-manual-2.2.3-63.el5.ia64.rpm
• mod_ssl-2.2.3-63.el5.ia64.rpm
• httpd-devel-2.2.3-63.el5.i386.rpm

Fixes

• This content is not included.BZ - 677279
• This content is not included.BZ - 677288
• This content is not included.BZ - 767990

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.