Red Hat Product Errata RHSA-2006:0159 - Security Advisory
Issued: 2006-01-05
Updated: 2006-01-05

Synopsis

httpd security update

Type/Severity

Security Advisory: Moderate

Topic

Updated Apache httpd packages that correct three security issues are now
available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The Apache HTTP Server is a popular and freely available Web server.

A memory leak in the worker MPM could allow remote attackers to cause a
denial of service (memory consumption) via aborted connections, which
prevents the memory for the transaction pool from being reused for other
connections. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-2970 to this issue. This vulnerability only affects users
who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was
discovered. With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers. (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document. A remote attacker could send a carefully
crafted request to trigger this issue, which would lead to a crash. This
crash would only be a denial of service if using the non-default worker
MPM. (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain
backported patches to correct these issues along with some additional bugs.
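
The exposure conditions in the Description can be checked against a host's configuration files. The script below is an added example, not part of the advisory or of any Red Hat tooling; it assumes the worker MPM is selected by an `HTTPD=` line in `/etc/sysconfig/httpd`, its list of access-control directives is a heuristic chosen for this example, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): report which conditions named in
# RHSA-2006:0159 apply to a host. File paths are passed in as arguments.
# Heuristic: reads one file as a whole; no Include following, no vhost scoping.

active() { sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"; }

# Assumption: worker MPM is chosen via HTTPD=/usr/sbin/httpd.worker in sysconfig.
uses_worker_mpm() { active "$1" | grep -Eq '^HTTPD=.*httpd\.worker'; }

# mod_imap has to be loaded for CVE-2005-3352 to be reachable.
loads_mod_imap() { active "$1" | grep -Eiq '^LoadModule[[:space:]]+imap_module[[:space:]]'; }

# CVE-2005-3357 needs all three: SSL enabled, a custom 400 document, and
# access control (the directive list is an assumption; extend as needed).
mod_ssl_400_conditions() {
    active "$1" | grep -Eiq '^SSLEngine[[:space:]]+on' &&
    active "$1" | grep -Eiq '^ErrorDocument[[:space:]]+400[[:space:]]' &&
    active "$1" | grep -Eiq '^(Require|Allow|Deny|SSLRequire|SSLVerifyClient)[[:space:]]'
}

audit() {  # usage: audit SYSCONFIG_FILE HTTPD_CONF
    worker=no
    if uses_worker_mpm "$1"; then worker=yes; fi
    echo "worker_mpm=$worker"
    if [ "$worker" = yes ]; then echo "CVE-2005-2970: worker MPM in use, memory-consumption DoS applies"; fi
    if loads_mod_imap "$2"; then echo "CVE-2005-3352: mod_imap loaded, review image map use"; fi
    if mod_ssl_400_conditions "$2"; then
        if [ "$worker" = yes ]; then echo "CVE-2005-3357: crash is a denial of service (worker MPM)"
        else echo "CVE-2005-3357: crash conditions present, default MPM"; fi
    fi
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
printf '%s\n' '# default is prefork' 'HTTPD=/usr/sbin/httpd.worker' > "$demo/sysconfig"
cat > "$demo/httpd.conf" <<'EOF'
LoadModule imap_module modules/mod_imap.so
# ErrorDocument 400 /commented-out.html
<VirtualHost _default_:443>
  SSLEngine on
  ErrorDocument 400 /errors/400.html
  <Location /private>
    SSLVerifyClient require
  </Location>
</VirtualHost>
EOF
audit "$demo/sysconfig" "$demo/httpd.conf"
```

On a real host, call `audit /etc/sysconfig/httpd /etc/httpd/conf/httpd.conf` and repeat for any included files such as `conf.d/ssl.conf`. A clean result does not replace applying the update.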

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 170383 - mod_ssl per-directory renegotiation with request body
  • BZ - 171756 - CVE-2005-2970 httpd worker MPM memory consumption DoS
  • BZ - 175602 - CVE-2005-3352 cross-site scripting flaw in mod_imap
  • BZ - 175720 - CVE-2005-3357 mod_ssl crash

CVEs

  • CVE-2005-3352
  • CVE-2005-2970
  • CVE-2005-3357

Note: More recent versions of these packages may be available. Click a package name for more details.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
