ChangeLog for: 2015-07-17 20:38:52

n/httpd-2.4.16-x86_64-1.txz:  Upgraded.
  This update fixes the following security issues:
  * CVE-2015-0253:  Fix a crash with ErrorDocument 400 pointing to a local
    URL-path with the INCLUDES filter active, introduced in 2.4.11.
  * CVE-2015-0228: mod_lua: A maliciously crafted websockets PING after a
    script calls r:wsupgrade() can cause a child process crash.
  * CVE-2015-3183: core: Fix chunk header parsing defect.  Remove
    apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN
    filter, parse chunks in a single pass with zero copy.  Limit accepted
    chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.
  * CVE-2015-3185: Replacement of ap_some_auth_required (unusable in Apache
    httpd 2.4) with new ap_some_authn_required and ap_force_authn hook.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
  (* Security fix *)
n/php-5.6.11-x86_64-1.txz:  Upgraded.
  This update fixes some bugs and security issues.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3152
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4643
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4644
  (* Security fix *)
xap/xscreensaver-5.33-x86_64-1.txz:  Upgraded.