Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 Release Notes
For Use with the Red Hat JBoss Core Services Apache HTTP Server 2.4.29
Abstract
Preface
Welcome to the Red Hat JBoss Core Services version 2.4.29 Service Pack 2 release.
This release of Red Hat JBoss Core Services focuses on updates for RHEL 6 and 7. It also addresses several security issues.
Red Hat JBoss Core Services Apache HTTP Server is an open source web server developed by the Apache Software Foundation. Features of Apache HTTP Server include:
- Implements the current HTTP standards, including HTTP/1.1 and HTTP/2.
- Transport Layer Security (TLS) encryption support through OpenSSL, providing secure connections between the web server and web clients.
- Extendable through modules, some of which are included with the Red Hat JBoss Core Services Apache HTTP Server.
Chapter 1. Installing the Red Hat JBoss Core Services 2.4.29 Service Pack 2
The Apache HTTP Server 2.4.29 Service Pack 2 can be installed using one of the following sections of the installation guide:
For installation instructions for Red Hat Enterprise Linux systems, see:
- For installation instructions for Microsoft Windows systems, see: Installing JBoss Core Services Apache HTTP Server on Microsoft Windows.
- For installation instructions for Solaris systems, see: Installing Apache HTTP Server on Solaris.
Chapter 2. Upgrading to the Red Hat JBoss Core Services Apache HTTP Server 2.4.29
Where Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or earlier was installed from RPM packages using `yum`, the Apache HTTP Server can be upgraded with `yum upgrade`.
For systems where an earlier version of the Red Hat JBoss Core Services Apache HTTP Server was installed from a .zip archive, upgrading to the Apache HTTP Server 2.4.29 Service Pack 2 requires:
- Installing the Apache HTTP Server 2.4.29.
- Setting up the Apache HTTP Server 2.4.29.
- Removing the earlier version of Apache HTTP Server.
Prerequisites
- Root user access (Red Hat Enterprise Linux and Solaris systems)
- Administrative access (Windows Server)
- A system where the Red Hat JBoss Core Services Apache HTTP Server 2.4.23 or earlier was installed from a .zip archive.
Procedure
For systems using the Red Hat JBoss Core Services Apache HTTP Server 2.4.23, the recommended procedure for upgrading to the Apache HTTP Server 2.4.29 is:
- Shut down any running instances of Red Hat JBoss Core Services Apache HTTP Server 2.4.23.
- Back up the Red Hat JBoss Core Services Apache HTTP Server 2.4.23 installation and configuration files.
- Install the Red Hat JBoss Core Services Apache HTTP Server 2.4.29 using the .zip installation method for the current system (see Additional Resources below).
- Migrate your configuration from the Red Hat JBoss Core Services Apache HTTP Server version 2.4.23 to version 2.4.29.
  Note: The Apache HTTP Server configuration files may have changed since the Apache HTTP Server 2.4.23 release. It is recommended that you update the 2.4.29 version configuration files, rather than overwrite them with the configuration files from a different version (such as Apache HTTP Server 2.4.23).
- Remove the Red Hat JBoss Core Services Apache HTTP Server 2.4.23 root directory.
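One way to script the backup and configuration-review steps above for a .zip installation on Red Hat Enterprise Linux or Solaris, as an added example that is not part of the Red Hat release notes. The function names, the paths passed as arguments and the `conf/httpd.conf` location under each root directory are assumptions; substitute the locations used on your system.

```shell
#!/bin/sh
# Added example (not Red Hat's own tooling). All paths are operator-supplied
# placeholders; nothing here removes the old installation.

# Archive the old root directory. The tree can hold TLS private keys and
# password files, so the archive is created readable by its owner only.
backup_install() {
    old_root=$1 archive=$2
    [ -d "$old_root" ] || { echo "no such directory: $old_root" >&2; return 1; }
    ( umask 077
      tar -czf "$archive" -C "$(dirname "$old_root")" "$(basename "$old_root")"
    ) || return 1
    # Confirm the archive can be read back before anything is deleted later.
    tar -tzf "$archive" >/dev/null
}

# Print the active directives of one config file: comments and blank lines
# dropped, whitespace normalized, sorted so two files can be compared.
active_directives() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' "$1" |
        grep -v -e '^#' -e '^$' | LC_ALL=C sort -u
}

# List directives that are active in the old config but absent from the new
# one. These are the candidates to carry over by hand into the 2.4.29 files,
# instead of overwriting them. Comparison is line by line, so directives
# inside <VirtualHost> or <Directory> sections are shown without their context.
config_delta() {
    old_tmp=$(mktemp) new_tmp=$(mktemp)
    active_directives "$1" > "$old_tmp"
    active_directives "$2" > "$new_tmp"
    LC_ALL=C comm -23 "$old_tmp" "$new_tmp"
    rm -f "$old_tmp" "$new_tmp"
}

# Usage: sh migrate_check.sh OLD_ROOT NEW_ROOT BACKUP.tar.gz
if [ "$#" -eq 3 ]; then
    backup_install "$1" "$3" &&
        config_delta "$1/conf/httpd.conf" "$2/conf/httpd.conf"
fi
```

Review each reported directive before copying it, since a setting that was appropriate for 2.4.23 may be superseded by a default in the 2.4.29 files.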
Additional Resources
For installation instructions for Red Hat Enterprise Linux systems, see:
- For installation instructions for Microsoft Windows systems, see: Installing JBoss Core Services Apache HTTP Server on Microsoft Windows.
- For installation instructions for Solaris systems, see: Installing Apache HTTP Server on Solaris.
Chapter 3. Security Fixes
This update includes fixes for the following security related issues:
| ID | Impact | Summary |
|---|---|---|
| | Moderate | openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries |
| | Moderate | openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang |
| | Moderate | libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service |
| | Moderate | curl: NTLM type-2 heap out-of-bounds buffer read |
| | Low | curl: Out-of-bounds read in code handling HTTP/2 trailers |
| | Moderate | curl: HTTP authentication leak in redirects |
| | Moderate | curl: FTP path trickery leads to NIL byte out of bounds write |
| | Moderate | curl: RTSP RTP buffer over-read |
| | Important | httpd: privilege escalation from modules scripts |
| | Moderate | curl: NTLMv2 type-3 header stack buffer overflow |
| | Low | curl: SMTP end-of-response out-of-bounds read |
Chapter 4. Resolved issues
The following are non-security issues resolved during this release:
Issue | Description |
---|---|
JBCS-620 | httpd segfaults when doing graceful reload |
JBCS-750 | httpd segfaults when doing graceful reload |
JBCS-722 | Rebase to curl 7.64.1 |
Chapter 5. Known issues
There are currently no known issues for this release.
Chapter 6. Upgraded components
This release does not include any updates to its components.