Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-0512 Low: Oracle Linux 6 httpd security, bug fix, and enhancement update
Newsgroups: gmane.linux.oracle.el-errata
Date: Monday 25th February 2013 18:41:06 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-0512

https://rhn.redhat.com/errata/RHSA-2013-0512.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
httpd-2.2.15-26.0.1.el6.i686.rpm
httpd-devel-2.2.15-26.0.1.el6.i686.rpm
httpd-manual-2.2.15-26.0.1.el6.noarch.rpm
httpd-tools-2.2.15-26.0.1.el6.i686.rpm
mod_ssl-2.2.15-26.0.1.el6.i686.rpm

x86_64:
httpd-2.2.15-26.0.1.el6.x86_64.rpm
httpd-devel-2.2.15-26.0.1.el6.i686.rpm
httpd-devel-2.2.15-26.0.1.el6.x86_64.rpm
httpd-manual-2.2.15-26.0.1.el6.noarch.rpm
httpd-tools-2.2.15-26.0.1.el6.x86_64.rpm
mod_ssl-2.2.15-26.0.1.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/httpd-2.2.15-26.0.1.el6.src.rpm



Description of changes:

[2.2.15-26.0.1.el6]
- replace index.html with Oracle's index page oracle_index.html
   update vstring in specfile

[2.2.15-26]
- htcacheclean: exit with code 4 also for "restart" action (#805810)

[2.2.15-25]
- htcacheclean: exit with code 4 if nonprivileged user runs initscript 
(#805810)
- rotatelogs: omit the second arg when invoking a post-rotate program 
(#876923)

[2.2.15-24]
- mod_ssl: improved patch for mod_nss fallback (w/mharmsen, #805720)

[2.2.15-23]
- mod_log_config: fix cookie parsing substring mismatch (#867268)

[2.2.15-22]
- mod_cache: fix header merging for 304 case, thanks to Roy Badami
(#868283)
- mod_cache: fix handling of 304 responses (#868253)

[2.2.15-21]
- mod_proxy_ajp: ignore flushing if headers have not been sent (#853160)
- mod_proxy_ajp: do not mark worker in error state when one request
   timeouts (#864317)
- mod_ssl: do not run post script if all files are already created
(#752618)

[2.2.15-20]
- add htcacheclean init script (Jan Kaluza, #805810)

[2.2.15-19]
- mod_ssl: fall back on another module's proxy hook if mod_ssl proxy
   is not configured. (#805720)

[2.2.15-18]
- add security fix for CVE-2012-2687 (#850794)

[2.2.15-17]
- mod_proxy: allow change BalancerMember state in web interface (#748400)
- mod_proxy: Tone down "worker [URL] used by another worker" warning 
(#787247)
- mod_proxy: add support for "failonstatus" option (#824571)
- mod_proxy: avoid DNS lookup on hostname from request URI if
   ProxyRemote* is configured (#837086)
- rotatelogs: create files even if they are empty (#757739)
- rotatelogs: option to rotate files into a custom location (#757735)
- rotatelogs: add support for -L option (#838493)
- fix handling of long chunk-line (#842376)
- add server aliases to "httpd -S" output (#833092)
- omit %posttrans daemon restart if
    /etc/sysconfig/httpd-disable-posttrans exists (#833064)
- mod_ldap: treat LDAP_UNAVAILABLE as a transient error (#829689)
- ab: fix double free when SSL request fails in verbose mode (#837613)
- mod_cache: do not cache partial results (#822587)
- mod_ldap: add LDAPReferrals directive alias (#796958)
- mod_ssl: add _userID DN variable suffix for NID_userId (#842375)
- mod_ssl: fix test for missing decrypted private keys, and ensure that
   the keypair matches (#848954)
- mod_authnz_ldap: set AUTHORIZE_* variables in LDAP authorization
(#828896)
- relax checks for status-line validity (#853348)

[2.2.15-16]
- add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031,
   CVE-2011-3607 (#787599)
- obviates fix for CVE-2011-3638, patch removed
 
CD: 40ms