Description of problem: The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server ("httpd"). This version is principally a security and bugfix release. Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses CVE-2009-3555 (cve.mitre.org), the TLS renegotiation prefix injection attack. This release further addresses the issues CVE-2010-0408, CVE-2010-0425 and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers respectively. This version of httpd is a major release and the start of a new stable branch, and represents the best available version of Apache HTTP Server. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
0425 is Windows-only: http://httpd.apache.org/security/vulnerabilities_22.html#2.2.15
Agreed that is why I did not list 0425, but still leaves CVE-2010-0408 and CVE-2010-0434 I forgot to mention CVE-2010-0425 (if your using the mod_isapi module. Cheers
Woops - mentioned in the actual bug (rather than the description of the problem which is all the CVS as that was cut and paste from apache). Bug 572404 - httpd 2.2.15 released - bug fixes and security updates - CVE-2010-0408 and CVE-2010-0434 Cheers
Any update? Not seen any 2.2.15 builds for any os in koji yet.
I have built a httpd-2.2.15-0 and using on 3 servers, not had an issue. any updates yet?
httpd-2.2.15-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc13
httpd-2.2.15-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc12
httpd-2.2.15-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc11
httpd-2.2.15-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc13
It's been pushed for F13, but in admin updates F11 still shows pending, can it be pushed for today's sync? Thanks!
httpd-2.2.15-1.fc12.1 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc12.1
httpd-2.2.15-1.fc11.1 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc11.1
httpd-2.2.15-1.fc12.1 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc12.1
httpd-2.2.15-1.fc11.1 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update httpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc11.1
httpd-2.2.15-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
httpd-2.2.15-1.fc11.1 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
httpd-2.2.15-1.fc12.2 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.