Apache HTTP Server 2.2.21 Released

28 September 2011 at 06:31

Today Apache 2.2.21 got released!


     * SECURITY: CVE-2011-3348 (cve.mitre.org)
       mod_proxy_ajp when combined with mod_proxy_balancer: Prevents
       unrecognized HTTP methods from marking ajp: balancer members
       in an error state, avoiding denial of service.

     * SECURITY: CVE-2011-3192 (cve.mitre.org)
       core: Further fixes to the handling of byte-range requests to use
       less memory, to avoid denial of service. This patch includes fixes
       to the patch introduced in release 2.2.20 for protocol compliance,
       as well as the MaxRanges directive.

For further information just have a look at on the httpd-announce list.

Posted in General, Linux
Meta no trackbacks, no comments, permalink, rss, atom

Trackbacks

Use the following link to trackback from your own site:
http://tuxaddicted.net/trackbacks?article_id=54

$ rake do:it

If it ain't broke, don't fix it.

Apache HTTP Server 2.2.21 Released

Trackbacks

Categories

Archives