Bug 517936

Summary: httpd/SSL memory leak
Product: [Fedora] Fedora Reporter: T. Howell-Cintron <thowellcintron>
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: jorton, pahan, thowellcintron
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-18 10:21:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description T. Howell-Cintron 2009-08-18 02:12:45 UTC 
Description of problem:
The latest version of Apache appears to be afflicted with a bug that allows remote attackers to cause a denial-of-service via multiple calls.  This is CVE-2008-1678.

Version-Release number of selected component (if applicable):
  httpd-2.2.11-8.i586

Additional info:
RHEL5 has a security advisory and updated packages under RHSA-2009:1075-1.  These packages also address the Options bug reported in CVE-2009-1195.
Comment 1 Joe Orton 2009-08-18 10:21:15 UTC 
CVE-2008-1678 was fixed in 2.2.9.

2.2.13 updates are being built which will fix CVE-2009-1195 et al.