Amazon Linux 1 Security Advisory: ALAS-2015-578
Advisory Release Date: 2015-08-17 12:23 Pacific
Advisory Updated Date: 2015-08-17 12:23 Pacific
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.
Affected Packages:
httpd
Issue Correction:
Run yum update httpd to update your system.
i686:
httpd-devel-2.2.31-1.6.amzn1.i686
mod_ssl-2.2.31-1.6.amzn1.i686
httpd-tools-2.2.31-1.6.amzn1.i686
httpd-debuginfo-2.2.31-1.6.amzn1.i686
httpd-2.2.31-1.6.amzn1.i686
noarch:
httpd-manual-2.2.31-1.6.amzn1.noarch
src:
httpd-2.2.31-1.6.amzn1.src
x86_64:
httpd-debuginfo-2.2.31-1.6.amzn1.x86_64
httpd-devel-2.2.31-1.6.amzn1.x86_64
httpd-tools-2.2.31-1.6.amzn1.x86_64
mod_ssl-2.2.31-1.6.amzn1.x86_64
httpd-2.2.31-1.6.amzn1.x86_64