——————————————————————————–
Fedora Update Notification
FEDORA-2019-099575a123
2019-08-23 01:26:06.889669
——————————————————————————–

Name : httpd
Product : Fedora 30
Version : 2.4.41
Release : 1.fc30
URL : https://httpd.apache.org/
Summary : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.

——————————————————————————–
Update Information:

This update includes the latest release of the Apache HTTP Server, version
`2.4.41`, fixing various security issues. Several major enhancements are also
included in this update: * `mod_md` is now packaged from upstream *github*
releases, adding support for ACMEv2. * `mod_cgid` stderr handling has been
improved See http://www.apache.org/dist/httpd/CHANGES_2.4.41 for a full list of
changes since the previous release of `httpd`.
——————————————————————————–
ChangeLog:

* Thu Aug 15 2019 Joe Orton <jorton@redhat.com> – 2.4.41-1
– update to 2.4.41
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.4.39-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 23 2019 Joe Orton <jorton@redhat.com> – 2.4.39-12
– drop /var/lib/dav directory, since mod_dav_fs uses statedir
* Wed Jul 17 2019 Joe Orton <jorton@redhat.com> – 2.4.39-11
– mod_cgid: use fd passing to fix script stderr handling (#1591157)
* Mon Jul 8 2019 Joe Orton <jorton@redhat.com> – 2.4.39-10
– htpasswd: add SHA-256/512 support
– apachectl: restore -V/-v/-t support (#1727434)
* Fri Jun 21 2019 Joe Orton <jorton@redhat.com> – 2.4.39-9
– create instance-specific StateDir in httpd@.service, instance.conf
* Thu Jun 20 2019 Joe Orton <jorton@redhat.com> – 2.4.39-8
– remove superfluous ap_hack_ symbols from httpd binary
– more verbose %check section
* Thu Jun 13 2019 Lubos Uhliarik <luhliari@redhat.com> – 2.4.39-7
– remove bundled mod_md module
* Thu Jun 13 2019 Joe Orton <jorton@redhat.com> – 2.4.39-6
– mod_ssl: fix “httpd -L” (etc) before httpd-init.service runs
* Wed Jun 12 2019 Joe Orton <jorton@redhat.com> – 2.4.39-5
– fixes for StateDir directive (upstream r1857731, r1857731)
* Thu May 2 2019 Lubos Uhliarik <luhliari@redhat.com> – 2.4.39-4
– httpd dependency on initscripts is unspecified (#1705188)
* Tue Apr 9 2019 Joe Orton <jorton@redhat.com> – 2.4.39-3
– fix statedir symlink to point to /var/lib/httpd (#1697662)
– mod_reqtimeout: fix default values regression (PR 63325)
——————————————————————————–
References:

[ 1 ] Bug #1591157 – Unusable entries in error_log when event MPM is activated
https://bugzilla.redhat.com/show_bug.cgi?id=1591157
[ 2 ] Bug #1727434 – Fedora apachectl script behaves differently than authors design it
https://bugzilla.redhat.com/show_bug.cgi?id=1727434
[ 3 ] Bug #1743961 – CVE-2019-10098 httpd: mod_rewrite potential open redirect [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743961
[ 4 ] Bug #1743957 – CVE-2019-10092 httpd: limited cross-site scripting in mod_proxy error page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743957
[ 5 ] Bug #1743997 – CVE-2019-10097 httpd: null-pointer dereference in mod_remoteip [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1743997
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-099575a123’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org