ALAS-2017-921


Amazon Linux AMI Security Advisory: ALAS-2017-921
Advisory Release Date: 2017-11-03 05:56 Pacific
Severity: Medium
References: CVE-2017-12171 

Issue Overview:

Hash (#) character matches all IPs:
A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171 )


Affected Packages:

httpd


Issue Correction:
Run yum update httpd to update your system.

New Packages:
i686:
    mod_ssl-2.2.34-1.16.amzn1.i686
    httpd-tools-2.2.34-1.16.amzn1.i686
    httpd-devel-2.2.34-1.16.amzn1.i686
    httpd-2.2.34-1.16.amzn1.i686
    httpd-debuginfo-2.2.34-1.16.amzn1.i686

noarch:
    httpd-manual-2.2.34-1.16.amzn1.noarch

src:
    httpd-2.2.34-1.16.amzn1.src

x86_64:
    httpd-devel-2.2.34-1.16.amzn1.x86_64
    httpd-2.2.34-1.16.amzn1.x86_64
    mod_ssl-2.2.34-1.16.amzn1.x86_64
    httpd-debuginfo-2.2.34-1.16.amzn1.x86_64
    httpd-tools-2.2.34-1.16.amzn1.x86_64