quinte17
16.09.04, 09:13
http://www.apache.org
Apache 2.0.51 Released
The Apache HTTP Server Project is proud to announce the release of version 2.0.51 of the Apache HTTP Server ("Apache").
This version of Apache is principally a bug fix release. Of particular note is that 2.0.51 addresses five security vulnerabilities:
An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy.
[CAN-2004-0786]
A buffer overflow in configuration file parsing could allow a local user to gain the privileges of a httpd child if the server can be forced to parse a carefully crafted .htaccess file.
[CAN-2004-0747]
A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured.
[CAN-2004-0751]
A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort.
[CAN-2004-0748]
A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request.
[CAN-2004-0809]
greetz
Apache 2.0.51 Released
The Apache HTTP Server Project is proud to announce the release of version 2.0.51 of the Apache HTTP Server ("Apache").
This version of Apache is principally a bug fix release. Of particular note is that 2.0.51 addresses five security vulnerabilities:
An input validation issue in IPv6 literal address parsing which can result in a negative length parameter being passed to memcpy.
[CAN-2004-0786]
A buffer overflow in configuration file parsing could allow a local user to gain the privileges of a httpd child if the server can be forced to parse a carefully crafted .htaccess file.
[CAN-2004-0747]
A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured.
[CAN-2004-0751]
A potential infinite loop in mod_ssl which could be triggered given particular timing of a connection abort.
[CAN-2004-0748]
A segfault in mod_dav_fs which can be remotely triggered by an indirect lock refresh request.
[CAN-2004-0809]
greetz