July 30, 2009

[installer 2016] Re: Apache 2.2.12

(Wed, 29 Jul 2009 14:51:47 +0900)
KATOH Yasufumi <karma@xxxxx>:
> Apache HTTP Server 2.2.12 is out.
> http://www.apache.org/dist/httpd/Announcement2.2.html
>
> * New Features in Apache 2.2.12
> http://httpd.apache.org/docs/2.2/new_features_2_2.html
> * ChangeLog for 2.2.12
> http://www.apache.org/dist/httpd/CHANGES_2.2.12

So, a lot of security holes have been fixed.

Changes with Apache 2.2.12

*) SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. PR 39605.
[Joe Orton, Ruediger Pluem]

*) SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
Ruediger Pluem, Jeff Trawick]

*) SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]

*) SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]

*) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.

*) mod_include: fix potential segfault when handling back references
on an empty SSI variable. [Ruediger Pluem, Lars Eilebrecht, Nick Kew]

*) mod_alias: check sanity in Redirect arguments.

Posted by xml-rpc: July 30, 2009 11:14