Bug 736594 - httpd: RHSA-2011:1245 regressions [rhel-4]
Summary: httpd: RHSA-2011:1245 regressions [rhel-4]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: httpd
Version: 4.8
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Joe Orton
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-08 08:00 UTC by Tomas Hoger
Modified: 2018-11-14 10:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-20 16:56:45 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1392 normal SHIPPED_LIVE Moderate: httpd security and bug fix update 2011-10-20 16:56:30 UTC
Red Hat Knowledge Base (Legacy) 61709 None None None Never

Description Tomas Hoger 2011-09-08 08:00:45 UTC
+++ This bug was initially created as a clone of Bug #736592 +++

Description of problem:
RHSA-2011:1245 provided a fix for CVE-2011-3192, which significantly changed Ranges handling code and resulted in few regressions:

suffix-byte-range-spec ("-" suffix-length) were handled as equivalent to 0-suffix-length, resulting in the first suffix-length + 1 bytes being returned, rather than last suffix-length bytes.  Reported upstream in:
https://issues.apache.org/bugzilla/show_bug.cgi?id=51748

httpd did not return 416 error when all specified ranges were unsatisfiable. This can happen if range specification is syntactically incorrect, or if first-byte-pos is behind the end of the file.

The fix as applied to upstream 2.2.x SVN branch:
http://svn.apache.org/viewvc?view=revision&revision=1165607

Comment 4 errata-xmlrpc 2011-10-20 16:56:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1392.html


Note You need to log in before you can comment on or make changes to this bug.