Amazon Linux 1 Security Advisory: ALAS-2017-921
Advisory Release Date: 2017-11-02 20:21 Pacific
Advisory Updated Date: 2017-11-03 05:56 Pacific
Hash (#) character matches all IPs:
A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)
Affected Packages:
httpd
Issue Correction:
Run yum update httpd to update your system.
i686:
mod_ssl-2.2.34-1.16.amzn1.i686
httpd-tools-2.2.34-1.16.amzn1.i686
httpd-devel-2.2.34-1.16.amzn1.i686
httpd-2.2.34-1.16.amzn1.i686
httpd-debuginfo-2.2.34-1.16.amzn1.i686
noarch:
httpd-manual-2.2.34-1.16.amzn1.noarch
src:
httpd-2.2.34-1.16.amzn1.src
x86_64:
httpd-devel-2.2.34-1.16.amzn1.x86_64
httpd-2.2.34-1.16.amzn1.x86_64
mod_ssl-2.2.34-1.16.amzn1.x86_64
httpd-debuginfo-2.2.34-1.16.amzn1.x86_64
httpd-tools-2.2.34-1.16.amzn1.x86_64