Httpd - Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual


would be unable to use the prelink tool to verify the checksum against an unmodified copy of itself.
This update contains a backported fix that allows hmaccalc to remember the location of the prelink
command that was available at build time, and to be able to use it if necessary.
Note that this fix is required in order to build the Linux kernel with FIPS-compliance (Federal
Information Processing Standards) enabled.
All users of hmaccalc are advised to upgrade to this updated package, which resolves this issue.

1.70. httpd

1.70.1. RHSA-2010:0168: Moderate security and enhancement update
Important
This update has already been released (prior to the GA of this release) as the security errata
RHSA-2010:0168.
Updated httpd packages that fix two security issues and add an enhancement are now available for
Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are
available for each vulnerability from the CVE links in the References section.
The Apache HTTP Server is a popular web server.
It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when
processing certain malformed requests, which caused the back-end server to be marked as failed
in configurations where mod_proxy is used in load balancer mode. A remote attacker could cause
mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry
timeout period (60 seconds by default) by sending specially-crafted requests.
A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in
subrequests. In configurations where subrequests are used, a multithreaded MPM (Multi-Processing
Module) could possibly leak information from other requests in request replies.
This update also adds the following enhancement:
* with the updated openssl packages from RHSA-2010:0162 installed, mod_ssl will refuse to
renegotiate a TLS/SSL connection with an unpatched client that does not support RFC 5746. This
update adds the "SSLInsecureRenegotiation" configuration directive. If this directive is enabled,
mod_ssl will renegotiate insecurely with unpatched clients.
Refer to the following Red Hat Knowledgebase article for more details about the changed mod_ssl
behavior: http://kbase.redhat.com/faq/docs/DOC-20491
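As an added audit example (not from the advisory or from the httpd project), the following POSIX shell script scans an Apache configuration tree for an enabled SSLInsecureRenegotiation directive, the weak setting the enhancement introduces; the sample configuration files it creates under a temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Audit an Apache config tree for an enabled SSLInsecureRenegotiation directive.
# Directive names and the on/off value are case-insensitive in httpd, and a
# commented-out line must not count, so a naive grep over- or under-reports.

# Print "file:line:text" for every active line that enables the directive
# in any *.conf file below the directory given as $1.
list_insecure_reneg() {
    find "$1" -type f -name '*.conf' | while read -r f; do
        grep -n -i -E \
            '^[[:space:]]*SSLInsecureRenegotiation[[:space:]]+on([[:space:]]|$)' \
            "$f" | sed "s|^|$f:|"
    done
}

# Echo the number of offending lines; 0 means the secure default is kept
# everywhere (clients without RFC 5746 support are refused renegotiation).
count_insecure_reneg() {
    list_insecure_reneg "$1" | grep -c . || true
}

# Build a constructed sample tree (not a real server's files) for the demo.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf.d"
    cat > "$t/conf.d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    #SSLInsecureRenegotiation on    <- commented out, must not count
    SSLInsecureRenegotiation On
</VirtualHost>
EOF
    # a legacy-style file using a lower-case directive name and value
    printf 'sslinsecurerenegotiation on\n' > "$t/conf.d/legacy.conf"
    # a clean file that states the secure default explicitly
    printf 'SSLInsecureRenegotiation off\n' > "$t/conf.d/clean.conf"
    echo "$t"
}

# Demo run: two of the three constructed files enable insecure renegotiation.
demo_dir=$(make_sample_tree)
list_insecure_reneg "$demo_dir"
echo "insecure renegotiation enabled in $(count_insecure_reneg "$demo_dir") place(s)"
rm -rf "$demo_dir"
```

Run it against a real tree with list_insecure_reneg /etc/httpd after the functions are sourced; any line it prints is a host that will still negotiate insecurely with unpatched clients.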
References:
* BZ#512275: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=512275
* CVE-2010-0408: https://www.redhat.com/security/data/cve/CVE-2010-0408.html
* CVE-2010-0434: https://www.redhat.com/security/data/cve/CVE-2010-0434.html
* BZ#567980: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=567980
