stable

FEDORA-2016-df0726ae26 created by jorton 6 years ago for Fedora 23

Security fix for CVE-2016-5387.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2016-df0726ae26

This update has been submitted for testing by jorton.

6 years ago
User Icon adrian commented & provided feedback 6 years ago
karma

Took the packages directly from koji and have no visible problems.

User Icon shermdog commented & provided feedback 6 years ago
karma

Package is incompatible with i386

Jul 19 17:27:48 iqdh2fe0abqqb9d httpd[1082]: httpd: Syntax error on line 56 of /etc/httpd/conf/httpd.conf: Syntax error on line 40 of /etc/httpd/conf.modules.d/00-base.conf: Cannot load modules/mod_http2.so into server: /etc/httpd/modules/mod_http2.so: undefined symbol: nghttp2_session_change_stream_priority
Jul 19 17:27:48 iqdh2fe0abqqb9d systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jul 19 17:27:48 iqdh2fe0abqqb9d systemd[1]: Failed to start The Apache HTTP Server.

This update has been pushed to testing.

6 years ago
User Icon jorton commented & provided feedback 6 years ago

@shermdog please check your libnghttp2 is up to date, that symbol is present in the current package.

User Icon shermdog commented & provided feedback 6 years ago

@jorton That was the answer. Does it make sense to explicitly define the requirement of libnghttp2 as part of this package?

User Icon jorton commented & provided feedback 6 years ago

@shermdog Great, thanks for confirming. Will do for future updates. https://bugzilla.redhat.com/show_bug.cgi?id=1358875

User Icon jorton provided feedback 6 years ago
User Icon jorton commented & provided feedback 6 years ago

Karma please! :)

User Icon shermdog provided feedback 6 years ago
karma

This update has been submitted for stable by jorton.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1353755 CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header
0
0
BZ#1357597 CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case HTTPd