The Apache HTTP Server Project recently released a new version of its Apache application. It fixes three security vulnerabilities and a list of bugs. The version number has reached 2.0.49, and the release comes with the following release notes:
The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.0.49 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.49 as compared to 2.0.48.
This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.49 addresses three security vulnerabilities:
- When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux. [CAN-2004-0174]
- Arbitrary client-supplied strings can be written to the error log which can allow exploits of certain terminal emulators. [CAN-2003-0020]
- A remotely triggered memory leak in mod_ssl can allow a denial of service attack due to excessive memory consumption. [CAN-2004-0113]
This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.
The following downloads are currently available:
Unix Source: tar.gz - tar.Z
Win32 Source
Win32 Installer