RHSA-2010:0659 - Security Advisory

Issued: 2010-08-30
Updated: 2010-08-30

Synopsis

Moderate: httpd security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

Updated httpd packages that fix two security issues and multiple bugs are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

The Apache HTTP Server is a popular web server.

A flaw was discovered in the way the mod_proxy module of the Apache HTTP
Server handled the timeouts of requests forwarded by a reverse proxy to the
back-end server. If the proxy was configured to reuse existing back-end
connections, it could return a response intended for another user under
certain timeout conditions, possibly leading to information disclosure.
(CVE-2010-2791)

A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)

This update also fixes the following bugs:

  • numerous issues in the INFLATE filter provided by mod_deflate. "Inflate
    error -5 on flush" errors may have been logged. This update upgrades
    mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15.
    (BZ#625435)

  • the response would be corrupted if mod_filter applied the DEFLATE filter
    to a resource requiring a subrequest with an internal redirect. (BZ#625451)

  • the OID() function used in the mod_ssl "SSLRequire" directive did not
    correctly evaluate extensions of an unknown type. (BZ#625452)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
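
To confirm which hosts still carry a build older than the fixed one listed under Updated Packages, the following added example (not Red Hat's code) compares collected package versions against 2.2.3-43.el5_5.3 using rpm's segment-wise ordering. The inventory format, host names and the older builds in the sample are constructed for illustration; epochs are assumed equal on both sides and are not compared.

```python
import re

# Fixed build and package names taken from this advisory's Updated Packages list.
FIXED_EVR = "2.2.3-43.el5_5.3"
ADVISORY_PACKAGES = {"httpd", "httpd-devel", "httpd-manual", "mod_ssl"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment ordering (no ~ or ^ handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)            # numeric, not lexical: 10 > 3
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def unpatched(inventory):
    """inventory: lines of 'host name version-release'. Returns entries below the fix."""
    hits = []
    for line in inventory.strip().splitlines():
        host, name, evr = line.split()
        if name in ADVISORY_PACKAGES and evr_cmp(evr, FIXED_EVR) < 0:
            hits.append((host, name, evr))
    return hits

# Constructed sample: host name prefixed to the output of
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' httpd mod_ssl
SAMPLE = """
web01 httpd 2.2.3-43.el5
web01 mod_ssl 2.2.3-43.el5
web02 httpd 2.2.3-43.el5_5.3
web03 httpd 2.2.3-43.el5_5.10
web04 openssl 0.9.8e-12.el5
"""

if __name__ == "__main__":
    for host, name, evr in unpatched(SAMPLE):
        print("%s: %s-%s is older than %s" % (host, name, evr, FIXED_EVR))
```

A host that reports the fixed build is still exposed until httpd has been restarted, as the Description notes.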

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 617523 - CVE-2010-2791 httpd: Reverse proxy sends wrong responses after time-outs
  • BZ - 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments
  • BZ - 625435 - mod_deflate/mod_proxy generating 'Inflate error -5 on flush' errors
  • BZ - 625451 - [APACHE BUG] filter handling issues with subrequests and internal redirects
  • BZ - 625452 - mod_ssl: Further fix for SSLRequire OID() function

CVEs

  • CVE-2010-2791
  • CVE-2010-1452

References

  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
x86_64
httpd-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8966924e36671ffa4a316ee1d3f7dcb31a1645ac0cdb2aeb7d7b2d3001921e1f
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-devel-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8df88855c7c9835f3caf424e72fa69ffb1956753ff70d0af1fb9bc8b8dc2a15e
httpd-manual-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 197d692a21dff2c6ba5a8d131789f2445fe3c7dea3142806ff39b7874beafe74
mod_ssl-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8a6cede35a7f0084ad5e1c8c2a2fdb9eb240e2020215408030bb797c7d3479a4
ia64
httpd-2.2.3-43.el5_5.3.ia64.rpm SHA-256: e01c8df5e247ff0b88e305c2350edb98c5236bf422912d999352360b99d32f89
httpd-devel-2.2.3-43.el5_5.3.ia64.rpm SHA-256: 459868045d7c5deb2f0d41838e1e281b63dba8d9acdad605da324a2016634491
httpd-manual-2.2.3-43.el5_5.3.ia64.rpm SHA-256: 0422f9206b1f1dc65e3af33ff0cf1e602dfafbd9946fc3f271062091d353b640
mod_ssl-2.2.3-43.el5_5.3.ia64.rpm SHA-256: 65a9bc4ed9961ad566ac18d2cab2b73e89704baaeaf945e2672f0d617d3e6af4
i386
httpd-2.2.3-43.el5_5.3.i386.rpm SHA-256: 7ab9a08d3f3b1126bd57e4b081fea0a4b7f948aa411db07e613a20261973ec2d
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-manual-2.2.3-43.el5_5.3.i386.rpm SHA-256: 5e5ddb1e7771bdcb39d599bd3c03f41e2daef99bcc2d7c9c93aa105505186d18
mod_ssl-2.2.3-43.el5_5.3.i386.rpm SHA-256: 92591cbb17db5361540ae0c8480fc977372692d8a67ce4f6dee56b3909b7e81a

Red Hat Enterprise Linux Workstation 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
x86_64
httpd-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8966924e36671ffa4a316ee1d3f7dcb31a1645ac0cdb2aeb7d7b2d3001921e1f
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-devel-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8df88855c7c9835f3caf424e72fa69ffb1956753ff70d0af1fb9bc8b8dc2a15e
httpd-manual-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 197d692a21dff2c6ba5a8d131789f2445fe3c7dea3142806ff39b7874beafe74
mod_ssl-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8a6cede35a7f0084ad5e1c8c2a2fdb9eb240e2020215408030bb797c7d3479a4
i386
httpd-2.2.3-43.el5_5.3.i386.rpm SHA-256: 7ab9a08d3f3b1126bd57e4b081fea0a4b7f948aa411db07e613a20261973ec2d
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-manual-2.2.3-43.el5_5.3.i386.rpm SHA-256: 5e5ddb1e7771bdcb39d599bd3c03f41e2daef99bcc2d7c9c93aa105505186d18
mod_ssl-2.2.3-43.el5_5.3.i386.rpm SHA-256: 92591cbb17db5361540ae0c8480fc977372692d8a67ce4f6dee56b3909b7e81a

Red Hat Enterprise Linux Desktop 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
x86_64
httpd-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8966924e36671ffa4a316ee1d3f7dcb31a1645ac0cdb2aeb7d7b2d3001921e1f
mod_ssl-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8a6cede35a7f0084ad5e1c8c2a2fdb9eb240e2020215408030bb797c7d3479a4
i386
httpd-2.2.3-43.el5_5.3.i386.rpm SHA-256: 7ab9a08d3f3b1126bd57e4b081fea0a4b7f948aa411db07e613a20261973ec2d
mod_ssl-2.2.3-43.el5_5.3.i386.rpm SHA-256: 92591cbb17db5361540ae0c8480fc977372692d8a67ce4f6dee56b3909b7e81a

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
s390x
httpd-2.2.3-43.el5_5.3.s390x.rpm SHA-256: a137f53bedb558a5db2768ad4093846e5549f0d8c16684a603c6f9d5f4d61029
httpd-devel-2.2.3-43.el5_5.3.s390.rpm SHA-256: 59b5282d954218384cbccb64ac042c62501d3289f0aa35006e8cd75fd2494e8e
httpd-devel-2.2.3-43.el5_5.3.s390x.rpm SHA-256: b0adc3b9e772d517b3804902b9a2f079605c956776d2c0d7f546902be512d27d
httpd-manual-2.2.3-43.el5_5.3.s390x.rpm SHA-256: 9835ec751e1434bd3ee0107d85ee69f4b5d6759b5a39851c76dd0661e71ed53c
mod_ssl-2.2.3-43.el5_5.3.s390x.rpm SHA-256: 95b4ec82094f1bad06ff17839912f6e03dba23732ef93f4ead6828c784df6592

Red Hat Enterprise Linux for Power, big endian 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
ppc
httpd-2.2.3-43.el5_5.3.ppc.rpm SHA-256: f714663bd9e5743bbc02e02f3e4992350a51277ec0ec768da8c77fe04aa8db56
httpd-devel-2.2.3-43.el5_5.3.ppc.rpm SHA-256: dcdff6bce190995af299ebb48433c8fb0fb0e3dea9ae6141e09c18aeacd5b3be
httpd-devel-2.2.3-43.el5_5.3.ppc64.rpm SHA-256: 89fe3ceac8686084cb7c082ed95d4aceb6aa66f0747abaad6ef23647de4d29cd
httpd-manual-2.2.3-43.el5_5.3.ppc.rpm SHA-256: 80df51526836359ef7c90e0de6b36a0ef4ae2b28c8db68b7035804056afe32f3
mod_ssl-2.2.3-43.el5_5.3.ppc.rpm SHA-256: c45ecdba1a4dbfa8c7dbe9c2ccff5b04a6f52a5336f5791a5d85d7a30e68f402

Red Hat Enterprise Linux Server from RHUI 5

SRPM
httpd-2.2.3-43.el5_5.3.src.rpm SHA-256: b7a5e395b0c95ebc0957bdb26b0cb342432a9016195addc0dc73695a1457a679
x86_64
httpd-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8966924e36671ffa4a316ee1d3f7dcb31a1645ac0cdb2aeb7d7b2d3001921e1f
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-devel-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8df88855c7c9835f3caf424e72fa69ffb1956753ff70d0af1fb9bc8b8dc2a15e
httpd-manual-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 197d692a21dff2c6ba5a8d131789f2445fe3c7dea3142806ff39b7874beafe74
mod_ssl-2.2.3-43.el5_5.3.x86_64.rpm SHA-256: 8a6cede35a7f0084ad5e1c8c2a2fdb9eb240e2020215408030bb797c7d3479a4
i386
httpd-2.2.3-43.el5_5.3.i386.rpm SHA-256: 7ab9a08d3f3b1126bd57e4b081fea0a4b7f948aa411db07e613a20261973ec2d
httpd-devel-2.2.3-43.el5_5.3.i386.rpm SHA-256: b80b1025f3edbda10211dee20f70f4b64bf5f7a2dd19f4a8efe9c3662dc05a7d
httpd-manual-2.2.3-43.el5_5.3.i386.rpm SHA-256: 5e5ddb1e7771bdcb39d599bd3c03f41e2daef99bcc2d7c9c93aa105505186d18
mod_ssl-2.2.3-43.el5_5.3.i386.rpm SHA-256: 92591cbb17db5361540ae0c8480fc977372692d8a67ce4f6dee56b3909b7e81a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
