- Issued:
- 2014-09-16
- Updated:
- 2014-09-16
RHBA-2014:1232 - httpd bug fix and enhancement update
Synopsis
httpd bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
Updated httpd packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 5.
Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
This update fixes the following bugs:
-
Previously, the mod_proxy_connect module did not correctly handle signals while waiting for a backend server to close the connection. With this update, signals are ignored while processing connection closure, thus fixing the bug. (BZ#976465)
-
Due to a bug in the mod_proxy_http module, the "proxy: error reading response" error message was logged into the global error log even when there was a VirtualHost-specific error log configured. With this update, the aforementioned error message is logged into the correct log file. (BZ#1003073)
-
Previously, a bug in handling the attribute values in the mod_ldap module could lead to a segmentation fault when LDAP dynamic groups were configured. The handling of attribute values has been fixed, and mod_ldap now works as intended. (BZ#1047319)
-
Due to a bug in the lock handling in the mod_ldap module, httpd processes could enter a loop continually consuming CPU time in some LDAP configurations. A patch has been applied to correct the lock handling, and LDAP configurations now work correctly. (BZ#1101385)
In addition, this update adds the following enhancements:
-
The mod_authnz_ldap module can set environment variables based on LDAP attributes. However, these variables were only available when LDAP authentication was configured. With this update, environment variables are set for LDAP attributes if LDAP is used for authorization only. (BZ#1038276)
-
A mod_ssl configuration with very large Certificate Revocation Lists (CRLs) could result in excessive memory consumption as the CRLs could be cached in the memory. A new configuration directive, "SSLDisableCRLCaching", which disables CRL caching and allows lower memory use in such configurations, has been added to mod_ssl. (BZ#1058426)
Users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- httpd-manual-2.2.3-91.el5.ia64.rpm
- httpd-2.2.3-91.el5.s390x.rpm
- mod_ssl-2.2.3-91.el5.ppc.rpm
- httpd-devel-2.2.3-91.el5.ppc64.rpm
- httpd-2.2.3-91.el5.i386.rpm
- httpd-manual-2.2.3-91.el5.s390x.rpm
- httpd-devel-2.2.3-91.el5.i386.rpm
- httpd-devel-2.2.3-91.el5.x86_64.rpm
- httpd-debuginfo-2.2.3-91.el5.ppc.rpm
- httpd-devel-2.2.3-91.el5.s390x.rpm
- httpd-debuginfo-2.2.3-91.el5.i386.rpm
- httpd-2.2.3-91.el5.src.rpm
- httpd-manual-2.2.3-91.el5.x86_64.rpm
- httpd-devel-2.2.3-91.el5.ppc.rpm
- httpd-2.2.3-91.el5.ppc.rpm
- httpd-debuginfo-2.2.3-91.el5.ia64.rpm
- mod_ssl-2.2.3-91.el5.ia64.rpm
- mod_ssl-2.2.3-91.el5.s390x.rpm
- httpd-debuginfo-2.2.3-91.el5.s390.rpm
- mod_ssl-2.2.3-91.el5.i386.rpm
- httpd-debuginfo-2.2.3-91.el5.x86_64.rpm
- httpd-manual-2.2.3-91.el5.ppc.rpm
- httpd-debuginfo-2.2.3-91.el5.ppc64.rpm
- httpd-debuginfo-2.2.3-91.el5.s390x.rpm
- httpd-manual-2.2.3-91.el5.i386.rpm
- httpd-2.2.3-91.el5.ia64.rpm
- httpd-2.2.3-91.el5.x86_64.rpm
- mod_ssl-2.2.3-91.el5.x86_64.rpm
- httpd-devel-2.2.3-91.el5.s390.rpm
- httpd-devel-2.2.3-91.el5.ia64.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.