Red Hat released two security updates this morning, both regarding httpd.
RHSA-2007:0557 Moderate: httpd security update
This update addresses several vulnerabilities in the httpd packages for Red Hat Application Stack v1. A list of vulnerabilities is included in Table 1 below. The Red Hat Security Response Team has rated this update as having moderate security impact.
| CVE-2006-5752 | The mod_status module is vulnerable to a cross-site scripting attack. |
| CVE-2007-1863 | Due to a bug in the mod_cache module, a remote attacker could cause the Apache process to crash, resulting in a denial of service. |
| CVE-2007-3304 | A local attacker could manipulate the scoreboard, causing Apache processes to terminate and resulting in a denial of service. |
RHSA-2007:0662 Moderate: httpd security update
This update addresses one vulnerability in the httpd packages for Red Hat Enterprise Linux 3 and 4. A local attacker could manipulate the scoreboard, causing Apache processes to terminate and resulting in a denial of service (CVE-2007-3304). The Red Hat Security Response Team has rated this update as having moderate security impact.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!
July 13th, 2007 at 3:14 pm
Seems like Redhat releases a lot of security updates….
July 14th, 2007 at 12:46 pm
@stephen - You’re right about that. It’s partially because of how many versions of Red Hat Enterprise Linux they support. Additionally, since they provide a large amount of open-source software, they also must provide updates for it when necessary.
The good news is that most Red Hat (and Red Hat derivative) updates are very easy to apply.