- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0247 - Bug Fix Advisory
Synopsis
mod_revocator bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated mod_revocator packages that fix four bugs are now available for Red Hat
Enterprise Linux 5.
Description
The mod_revocator module retrieves and installs remote Certificate Revocation
Lists (CRLs) into an Apache web server.
This update fixes the following bugs:
- Prior to this update, the mod_revoc module could not shut down the httpd
server on 32-bit platforms and the error log infinitely reported the error
message "service httpd status httpd (pid ) when an expired CRL was downloaded.
This update modifies mod_revocator so that the httpd server can correctly shut
down and the error log now reports the error message "service httpd status httpd
dead but subsys locked". (716355)
- Prior to this update, the mod_revoc module could not shut down the httpd
server on 32-bit platforms when CRLUpdate failed. This update modifies
mod_revocator so that the httpd server can correctly shut down when updating the
CRL fails. (716361)
- Prior to this update, httpd failed to start if the 32-bit mod_revocator was
installed on a 64-bit PowerPC platform. This update modifies the initialization
size of the static array. Now, httpd servicestarts as expected. (716874)
- Prior to this update, CRLs could, under certain circumsatances, silently fail
to be downloaded without any error message when the mod_revocator module was
loaded successfully. This update resolves two segmentation violations. In
addition, the setsebool -P httpd_can_network_connect=1 command can now be used
to allow httpd to connect to a remote port which SELinux would otherwise deny
when running mod_revocator. Now, CRLs are downloaded correctly when the
mod_revocator module is running. (737556)
All users of mod_revocator are advised to upgrade to these updated packages,
which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant
to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 716355 - mod_revocator does not shut down httpd server if expired CRL is fetched
- BZ - 716361 - mod_revocator does not bring down httpd server if CRLUpdate fails
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| mod_revocator-1.0.3-9.el5.src.rpm | SHA-256: 56479c80cad21f565433ff3cbf662d2374a8875a9f09484d7a4fccce569083bd |
| x86_64 | |
| mod_revocator-1.0.3-9.el5.x86_64.rpm | SHA-256: 36e022b26f66e1cda6c0066f0f8f3650faccb642e7e8e1902cc48f47b4e2a4ef |
| ia64 | |
| mod_revocator-1.0.3-9.el5.ia64.rpm | SHA-256: f3db531e54a20684c5a6a133d3e5b99a1c49d0ee1c9c421d8e6bec2d7f270a3a |
| i386 | |
| mod_revocator-1.0.3-9.el5.i386.rpm | SHA-256: 4188e4c6e44183351ddeb0708c8a1962e1866d532018cfa11a9747a32ee12799 |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| mod_revocator-1.0.3-9.el5.src.rpm | SHA-256: 56479c80cad21f565433ff3cbf662d2374a8875a9f09484d7a4fccce569083bd |
| x86_64 | |
| mod_revocator-1.0.3-9.el5.x86_64.rpm | SHA-256: 36e022b26f66e1cda6c0066f0f8f3650faccb642e7e8e1902cc48f47b4e2a4ef |
| i386 | |
| mod_revocator-1.0.3-9.el5.i386.rpm | SHA-256: 4188e4c6e44183351ddeb0708c8a1962e1866d532018cfa11a9747a32ee12799 |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| mod_revocator-1.0.3-9.el5.src.rpm | SHA-256: 56479c80cad21f565433ff3cbf662d2374a8875a9f09484d7a4fccce569083bd |
| s390x | |
| mod_revocator-1.0.3-9.el5.s390x.rpm | SHA-256: 25a911f247566a6c0c3678e3b2f84ef60db849753c46f23de2068647a6230515 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| mod_revocator-1.0.3-9.el5.src.rpm | SHA-256: 56479c80cad21f565433ff3cbf662d2374a8875a9f09484d7a4fccce569083bd |
| ppc | |
| mod_revocator-1.0.3-9.el5.ppc.rpm | SHA-256: 76640e19f3d8a9bea24517a85867ea45dbb936dc76884931707b897640bd3b00 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| mod_revocator-1.0.3-9.el5.src.rpm | SHA-256: 56479c80cad21f565433ff3cbf662d2374a8875a9f09484d7a4fccce569083bd |
| x86_64 | |
| mod_revocator-1.0.3-9.el5.x86_64.rpm | SHA-256: 36e022b26f66e1cda6c0066f0f8f3650faccb642e7e8e1902cc48f47b4e2a4ef |
| i386 | |
| mod_revocator-1.0.3-9.el5.i386.rpm | SHA-256: 4188e4c6e44183351ddeb0708c8a1962e1866d532018cfa11a9747a32ee12799 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
