CentOS Update for httpd CESA-2009:1075 centos5 i386

The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory.

The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version. A flaw was found in the handling of the 'Options' and 'AllowOverride' directives. In configurations using the 'AllowOverride' directive with certain 'Options=' arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. (CVE-2009-1195) All httpd users should upgrade to these updated packages, which contain backported patches to resolve these issues. Users must restart httpd for this update to take effect.

httpd on CentOS 5

Please install the updated packages.