November 15, 2011

[installer 3011] apache-2.3.15-beta

apache-2.3.15-beta has been released.

It includes fixes for multiple security holes, including the fix for Apache Killer.

☆ apache-2.3.15-beta
http://httpd.apache.org/
http://www.apache.org/dist/httpd/httpd-2.3.15-beta.tar.gz

Changes with Apache 2.3.15

*) SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
recognized. [Jean-Frederic Clere]

*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
<lowprio20 gmail.com>]

*) SECURITY: CVE-2011-3607 (cve.mitre.org)
core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]

*) configure: Load all modules in the generated default configuration
when using --enable-load-all-modules. [Rainer Jung]

*) mod_reqtimeout: Change the default to set some reasonable timeout
values. [Stefan Fritsch]

*) core, mod_dav_fs: Change default ETag to be "size mtime", i.e. remove
the inode. PR 49623. [Stefan Fritsch]

*) mod_lua: Expose SSL variables via r:ssl_var_lookup(). [Eric Covener]

*) mod_lua: LuaHook{AccessChecker,AuthChecker,CheckUserID,TranslateName}
can now additionally be run as "early" or "late" relative to other modules.
[Eric Covener]

*) configure: By default, only load those modules that are either required
or explicitly selected by a configure --enable-foo argument. The
LoadModule statements for modules enabled by --enable-mods-shared=most
and friends will be commented out. [Stefan Fritsch]

*) mod_lua: Prevent early Lua hooks (LuaHookTranslateName and
LuaHookQuickHandler) from being configured in <Directory>, <Files>,
and htaccess where the configuration would have been ignored.
[Eric Covener]

*) mod_lua: Resolve "attempt to index local 'r' (a userdata value)" errors
in LuaMapHandler scripts [Eric Covener]

*) mod_log_debug: Rename optional argument from if= to expr=, to be more
in line with other config directives. [Stefan Fritsch]

*) mod_headers: Require an expression to be specified with expr=, to be more
in line with other config directives. [Stefan Fritsch]

*) mod_substitute: To prevent overboarding memory usage, limit line length
to 1MB. [Stefan Fritsch]

*) mod_lua: Make the query string (r.args) writable. [Eric Covener]

*) mod_include: Add support for application/x-www-form-urlencoded encoding
and decoding. [Graham Leggett]

*) rotatelogs: Add -c option to force logfile creation in every rotation

Posted by xml-rpc: November 15, 2011 11:43
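
The byte-range rule quoted in the CVE-2011-3192 changelog entry above ("if the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file"), as an added Python illustration; it is not httpd's code and not part of the original post. The function names, the outcome labels and the choice to sum range lengths after clamping them to the file size are assumptions, and the sample headers are constructed.

```python
import re

SPEC = re.compile(r"^(\d*)-(\d*)$")  # "first-last", "first-" or "-suffix"

def resolve_ranges(header, size):
    """Return inclusive (first, last) pairs, or None if the header is unusable."""
    if not header.startswith("bytes="):
        return None
    resolved = []
    for spec in header[len("bytes="):].split(","):
        m = SPEC.match(spec.strip())
        if not m or m.group(0) == "-":
            return None                       # malformed: ignore the whole header
        first, last = m.groups()
        if first == "":                       # suffix form: the last N bytes
            n = min(int(last), size)
            if n == 0:
                continue
            start, end = size - n, size - 1
        else:
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
            if last and int(last) < start:
                return None                   # last < first is invalid
            if start >= size:
                continue                      # starts past EOF: not satisfiable
        resolved.append((start, end))
    return resolved

def plan_response(header, size):
    """Decide between the full file, a partial response, or no satisfiable range."""
    ranges = resolve_ranges(header, size)
    if ranges is None:
        return ("full", [])
    if not ranges:
        return ("unsatisfiable", [])
    requested = sum(end - start + 1 for start, end in ranges)
    if requested > size:                      # the rule from the changelog entry
        return ("full", [])
    return ("partial", ranges)

if __name__ == "__main__":
    # Constructed sample headers, checked against a 1000-byte file.
    for hdr in ("bytes=0-499", "bytes=0-499,500-999", "bytes=0-999,0-999", "bytes=-100"):
        print(hdr, "->", plan_response(hdr, 1000)[0])
```

Two adjacent ranges that together cover the file exactly are still served as a partial response; only a request whose ranges add up to more than the file falls back to the complete file.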