The httpd packages provide the Apache HTTP Server, a powerful, efficient,and extensible web server.Multiple flaws were found in the way httpd parsed HTTP requests andresponses using chunked transfer encoding. A remote attacker could usethese flaws to create a specially crafted request, which httpd would decodedifferently from an HTTP proxy software in front of it, possibly leading toHTTP request smuggling attacks. (CVE-2015-3183)It was discovered that in httpd 2.4, the internal API functionap_some_auth_required() could incorrectly indicate that a request wasauthenticated even when no authentication was used. An httpd module usingthis API function could consequently allow access that should have beendenied. (CVE-2015-3185)All httpd users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing theupdated packages, the httpd service will be restarted automatically.