---

Fedora Core Advisories: subversion, httpd


Fedora Update Notification
FEDORA-2004-318
2004-09-23


Product : Fedora Core 2
Name : subversion
Version : 1.0.8
Release : 1
Summary : Modern Version Control System designed to replace CVS

Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.


Update Information:

This update includes the latest stable release of Subversion,
including a security fix for information disclosure bugs in
handling of metadata (such as log messages) in repositories using
mod_authz_svn for path-based access-control (CAN-2004-0749).


  • Thu Sep 23 2004 Joe Orton <jorton@redhat.com> 1.0.8-1
    • update to 1.0.8 (mod_authz_svn security fix,
      CAN-2004-0749)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

c8e5bdf05d542ad3ba3e491a7866401e
SRPMS/subversion-1.0.8-1.src.rpm
63915e9ecdc55267108493a1a27234d7
x86_64/subversion-1.0.8-1.x86_64.rpm
560ec06f7756d22cdaa8f2a7522acf52
x86_64/subversion-devel-1.0.8-1.x86_64.rpm
0cd133ee95123c620cf9b859d7bd225e
x86_64/mod_dav_svn-1.0.8-1.x86_64.rpm
ba61830fb3a8be68f5c39bc0dca642f3
x86_64/subversion-perl-1.0.8-1.x86_64.rpm
171925d1eb6db9173a8d12c8027f36a5
x86_64/debug/subversion-debuginfo-1.0.8-1.x86_64.rpm
4a2484241e2d01bfe6f912d3adb34ab3
i386/subversion-1.0.8-1.i386.rpm
4d2cf86a62a1a166a251d4febd0bb60b
i386/subversion-devel-1.0.8-1.i386.rpm
1414749aefab44d7356b6c9b55a47c44
i386/mod_dav_svn-1.0.8-1.i386.rpm
7e1b229e3f790b394006672e4f813be5
i386/subversion-perl-1.0.8-1.i386.rpm
97550cc2bd748cf71a9bd46c665e8381
i386/debug/subversion-debuginfo-1.0.8-1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-313
2004-09-23


Product : Fedora Core 2
Name : httpd
Version : 2.0.51
Release : 2.7
Summary : Apache HTTP Server

Description :
Apache is a powerful, full-featured, efficient, and
freely-available Web server. Apache is also the most popular Web
server on the Internet.


This update includes the latest stable release of Apache httpd
2.0, including fixes for possible denial of service issues in
mod_ssl (CAN-2004-0751, CAN-2004-0747) and mod_dav_fs
(CAN-2004-0809), and a privilege elevation attack for local users
(CAN-2004-0747).

Note that these packages do also contain the fix for a
regression in Satisfy handling in the 2.0.51 release
(CAN-2004-0811).


  • Tue Sep 21 2004 Joe Orton <jorton@redhat.com> 2.0.51-2.7
    • ap_rgetline_core fix from Rici Lake
  • Tue Sep 21 2004 Joe Orton <jorton@redhat.com> 2.0.51-2.6
    • fix 2.0.51 regression in Satisfy merging (CAN-2004-0811)
  • Thu Sep 16 2004 Joe Orton <jorton@redhat.com> 2.0.51-2.5
    • mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade from
      2.0.50
    • revert mod_ldap/mod_auth_ldap changes likewise
  • Wed Sep 15 2004 Joe Orton <jorton@redhat.com> 2.0.51-2.1
    • update to 2.0.51, including security fixes for:
      • core: CAN-2004-0747
      • mod_dav_fs: CAN-2004-0809
      • mod_ssl: CAN-2004-0751, CAN-2004-0748

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

99c4698c12b5ce206fe1d421a0d24626
SRPMS/httpd-2.0.51-2.7.src.rpm
e015611ce4a96ef0488eb772d4e20e95
x86_64/httpd-2.0.51-2.7.x86_64.rpm
9d4c7c3db22fe5b8b5db8f0e6229c9c1
x86_64/httpd-devel-2.0.51-2.7.x86_64.rpm
0d5eaca4b6a0ca22dfb164438f0df73d
x86_64/httpd-manual-2.0.51-2.7.x86_64.rpm
6ae2964daebddd4630a143712583929b
x86_64/mod_ssl-2.0.51-2.7.x86_64.rpm
a87b486fe234e674ec7a7040da825874
x86_64/debug/httpd-debuginfo-2.0.51-2.7.x86_64.rpm
6ce668b14a339a895c1f94d3d2c74344 i386/httpd-2.0.51-2.7.i386.rpm
bf2d5ce617b715efb85a6bef1dcc1ff6
i386/httpd-devel-2.0.51-2.7.i386.rpm
7fdc3fd7ffd27e10ed608bad819f8203
i386/httpd-manual-2.0.51-2.7.i386.rpm
df387ada50ec5a154d840ae8d3996157
i386/mod_ssl-2.0.51-2.7.i386.rpm
feb541c52c040b0e12c879a3f264f5b7
i386/debug/httpd-debuginfo-2.0.51-2.7.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis