Synopsis: Moderate: httpd security update
Advisory ID: SLSA-2017:2972-1
Issue Date: 2017-10-19
CVE Numbers: CVE-2017-9798
CVE-2017-12171
—
Security Fix(es):
* A use-after-free flaw was found in the way httpd handled invalid and
previously unregistered HTTP methods specified in the Limit directive used
in an .htaccess file. A remote attacker could possibly use this flaw to
disclose portions of the server memory, or cause httpd child process to
crash. (CVE-2017-9798)
* A regression was found in the Scientific Linux 6.9 version of httpd,
causing comments in the “Allow” and “Deny” configuration lines to be
parsed incorrectly. A web administrator could unintentionally allow any
client to access a restricted HTTP resource. (CVE-2017-12171)
—
SL6
x86_64
httpd-2.2.15-60.el6_9.6.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.6.x86_64.rpm
httpd-tools-2.2.15-60.el6_9.6.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm
httpd-devel-2.2.15-60.el6_9.6.i686.rpm
httpd-devel-2.2.15-60.el6_9.6.x86_64.rpm
mod_ssl-2.2.15-60.el6_9.6.x86_64.rpm
i386
httpd-2.2.15-60.el6_9.6.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.6.i686.rpm
httpd-tools-2.2.15-60.el6_9.6.i686.rpm
httpd-devel-2.2.15-60.el6_9.6.i686.rpm
mod_ssl-2.2.15-60.el6_9.6.i686.rpm
noarch
httpd-manual-2.2.15-60.el6_9.6.noarch.rpm
– Scientific Linux Development Team
