- Issued:
- 2007-06-11
- Updated:
- 2007-06-11
RHBA-2007:0445 - Bug Fix Advisory
Synopsis
httpd bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated httpd packages that fix several bugs are now available.
Description
The Apache HTTP Server is a popular and freely-available Web server.
Bugs fixed in these updated packages include:
- the mod_expires module prevented Expires headers from being sent in
304 responses.
- the mod_setenvif module prevented environment variables being set for
particular configurations.
- the mod_disk_cache module could allow incorrect content-type headers
to be sent in responses served from the cache.
- the handling of regular expressions in the ProxyRemoteMatch directive
in the mod_proxy module was incorrect; the inverse of the result of
matching the regular expression was used to determine whether a remote
proxy server was used.
- a change introduced in a previous update to relax the allowed syntax
of the Host: request header has been reverted.
- the mod_ssl module prevented "close_notify" alerts from being sent
when an SSL/TLS connection was shut down. Clients are unable to detect a
clean SSL connection closure without these alerts being sent.
Users of httpd are advised to upgrade to the updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 168850 - mod_expires doesn't correctly add Expires headers for HTTP 304 pages
- BZ - 177322 - mod_deflate doesn't compress documents to MSIE
- BZ - 183880 - Content-type wrong of .css and .html files after enabling mod_cache/mod_disk_cache
- BZ - 218317 - mod_proxy: ProxyRemoteMatch uses remote proxy if regex does *not* match
CVEs
(none)
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.