June 29th, 2007

SELinux blocks Apache DoS vulnerability

A recent Apache vulnerability, where a remote attacker can cause httpd to send a signal to an arbitrary process and potentially crash it, is mitigated by SELinux targeted policy (as installed by default in RHEL5 and F7). Of course, even if you have SELinux enabled, it's good defence-in-depth1 to ensure the underlying vulnerabilities are fixed.

Advisories: RHEL5, F7.


1Here's a useful reference page on Fedora Security Features.