Apache HTTP Server 2.0.49 Released

Boris Folgmann boris at folgmann.de
Mon Mar 22 10:07:43 UTC 2004


Hi!

AFAIK httpd-2.0.40-11.9 is the last version packaged for RH8. Are there
already some plans to release an RPM with the latest security fixes for
Fedora-Legacy?

"Apache HTTP Server 2.0.49 Released

The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 2.0.49 of the Apache HTTP Server
("Apache"). This Announcement notes the significant changes in 2.0.49 as
compared to 2.0.48.

This version of Apache is principally a bug fix release. A summary of the
bug fixes is given at the end of this document. Of particular note is that
2.0.49 addresses three security vulnerabilities:

When using multiple listening sockets, a denial of service attack is
possible on some platforms due to a race condition in the handling of
short-lived connections. This issue is known to affect some versions of
AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
[CAN-2004-0174]

Arbitrary client-supplied strings can be written to the error log which can
allow exploits of certain terminal emulators.
[CAN-2003-0020]

A remotely triggered memory leak in mod_ssl can allow a denial of service
attack due to excessive memory consumption.
[CAN-2004-0113]

This release is compatible with modules compiled for 2.0.42 and later
versions. We consider this release to be the best version of Apache
available and encourage users of all prior versions to upgrade."

from http://www.apache.org/dist/httpd/Announcement2.html

cu,
	boris
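
A defensive check related to the error-log issue (CAN-2003-0020) quoted in the announcement above. It is an added example, not part of the original post and not Apache code. It scans an error log for raw control bytes and returns the affected lines in escaped form, so they can be reviewed without a terminal interpreting them. The log lines, client addresses and function names are constructed for illustration.

```python
import re

# C0 control bytes (tab excluded) and DEL: bytes a terminal emulator may act on.
_CONTROL = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

# Constructed sample data: line 2 carries a raw ESC byte (a harmless colour code).
SAMPLE_LOG = (
    b"[Mon Mar 22 10:07:43 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/html/favicon.ico\n"
    b"[Mon Mar 22 10:07:44 2004] [error] [client 192.0.2.11] "
    b"Invalid URI in request GET /\x1b[31mtest HTTP/1.0\n"
    b"[Mon Mar 22 10:07:45 2004] [error] [client 192.0.2.12] "
    b"request failed: error reading the headers\n"
)


def escape_for_display(line: bytes) -> str:
    """Render a log line so that no byte reaches the terminal unescaped."""
    out = []
    for b in line:
        if b == 0x5C:                       # backslash: double it, keeps output unambiguous
            out.append("\\\\")
        elif 0x20 <= b < 0x7F or b == 0x09:  # printable ASCII and tab pass through
            out.append(chr(b))
        else:                                # everything else becomes \xHH
            out.append("\\x%02x" % b)
    return "".join(out)


def find_suspect_lines(log: bytes):
    """Return (line_number, escaped_line) for each line holding a control byte."""
    hits = []
    for number, line in enumerate(log.split(b"\n"), start=1):
        line = line.rstrip(b"\r")            # tolerate CRLF line endings
        if _CONTROL.search(line):
            hits.append((number, escape_for_display(line)))
    return hits


if __name__ == "__main__":
    for number, text in find_suspect_lines(SAMPLE_LOG):
        print("line %d: %s" % (number, text))
```

To check a real log, read it in binary mode (`open(path, "rb").read()`) and pass the bytes to `find_suspect_lines`.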





