httpd-2.4.6-40.4.0.1.el7.AXS7
エラータID: AXSA:2016-568:02
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
Security issues fixed with this release:
CVE-2016-5387
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Fixed bugs:
* In a caching proxy configuration, the mod_cache module would treat content as stale if the Expires header changed when refreshing a cached response. As a consequence, an origin server returning content without a fixed Expires header would not be treated as cacheable. The mod_cache module has been fixed to ignore changes in the Expires header when refreshing content. As a result, such content is now cacheable, improving performance and reducing load at the origin server.
* The HTTP status code 451 "Unavailable For Legal Reasons" was not usable in the httpd configuration. As a consequence, modules such as mod_rewrite could not be configured to return a 451 error if required for legal purposes. The 451 status code has been added to the list of available error codes, and modules can now be configured to return a 451 error if required.
Update packages.
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
N/A
SRPMS
- httpd-2.4.6-40.4.0.1.el7.AXS7.src.rpm
MD5: f661de5b4072b37f5173ba8301183068
SHA-256: 27f0f0882fc3ede1e06328eac691730a3fa595e3abbf8ddfb89cac18bcccbdeb
Size: 4.87 MB
Asianux Server 7 for x86_64
- httpd-2.4.6-40.4.0.1.el7.AXS7.x86_64.rpm
MD5: 4bbc4bde1777f9c89ea0fb7d336a2c60
SHA-256: 7622f1dade3f7f7e303761858fabe5a58409b08b1f713a0120da3278adc32b7c
Size: 1.17 MB - httpd-devel-2.4.6-40.4.0.1.el7.AXS7.x86_64.rpm
MD5: 28586bd3ba05270129a662779cc3b7a3
SHA-256: ed96f65a9d3dc315c0ef6790bdc31126c29ebd0ac68a703ab3a24bb30c1bc258
Size: 186.69 kB - httpd-manual-2.4.6-40.4.0.1.el7.AXS7.noarch.rpm
MD5: ead8294b8deecc3610b9fd0097cbf434
SHA-256: 4374497da60cf94ca9b58a47ff846436c8dea975ef1b4651b7cffd5ee7f2adfe
Size: 1.33 MB - httpd-tools-2.4.6-40.4.0.1.el7.AXS7.x86_64.rpm
MD5: 1cf1763a97e29eb4c95b19266f4249fe
SHA-256: 53adb4af7292fad8812b3c5e79c8d43f8c7b2e0f2da12c3903dd5591ef4e4373
Size: 81.55 kB - mod_ssl-2.4.6-40.4.0.1.el7.AXS7.x86_64.rpm
MD5: b5537cfe6fff4e353fc7d7a5a9af7735
SHA-256: bf2edb168d3fec64ebcc618fcf132c56318c4775bf7a5720b39666e093df8c55
Size: 102.71 kB