The Red Hat Application Stack v2.2 is an integrated open source application
stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise
Application Platform (EAP) 4.2.
This erratum updates the Apache HTTP Server package to version 2.2.10 which
addresses the following security issues:
A flaw was found in the mod_proxy module. An attacker who has control of
a web server to which requests are being proxied could cause a limited
denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364)
A flaw was found in the mod_proxy_ftp module. Where Apache is configured
to support ftp-over-httpd proxying, a remote attacker could perform a
cross-site scripting attack. (CVE-2008-2939)
A cross-site request forgery issue was found in the mod_proxy_balancer
module. A remote attacker could cause a denial of service if
mod_proxy_balancer is enabled and an authenticated user is targeted.
(CVE-2007-6420)
The JBoss Enterprise Application Platform (EAP) 4.2 has been updated to
version 4.2.0.CP05.
The following packages were also updated:
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | postgresql-pltcl | <Β 8.2.11-1.el5s2 | postgresql-pltcl-8.2.11-1.el5s2.i386.rpm |
RedHat | 5 | x86_64 | mysql-connector-odbc | <Β 3.51.26r1127-1.el5s2 | mysql-connector-odbc-3.51.26r1127-1.el5s2.x86_64.rpm |
RedHat | 5 | i386 | perl-dbd-mysql | <Β 4.008-2.el5s2 | perl-DBD-MySQL-4.008-2.el5s2.i386.rpm |
RedHat | 5 | i386 | perl-dbi | <Β 1.607-3.el5s2 | perl-DBI-1.607-3.el5s2.i386.rpm |
RedHat | 5 | x86_64 | mysql-devel | <Β 5.0.60sp1-1.el5s2 | mysql-devel-5.0.60sp1-1.el5s2.x86_64.rpm |
RedHat | 5 | i386 | postgresql-libs | <Β 8.2.11-1.el5s2 | postgresql-libs-8.2.11-1.el5s2.i386.rpm |
RedHat | 5 | i386 | httpd | <Β 2.2.10-1.el5s2 | httpd-2.2.10-1.el5s2.i386.rpm |
RedHat | 5 | i386 | postgresql-server | <Β 8.2.11-1.el5s2 | postgresql-server-8.2.11-1.el5s2.i386.rpm |
RedHat | 5 | x86_64 | postgresql-plperl | <Β 8.2.11-1.el5s2 | postgresql-plperl-8.2.11-1.el5s2.x86_64.rpm |
RedHat | 5 | x86_64 | postgresql-contrib | <Β 8.2.11-1.el5s2 | postgresql-contrib-8.2.11-1.el5s2.x86_64.rpm |