2012年1月31日

[installer 3092] apache-2.2.22

apache-2.2.22 出ています。

複数のセキュリティホールの修正が含まれています。
http://httpd.apache.org/security/vulnerabilities_22.html
参照のこと。

☆ apache-2.2.22
http://httpd.apache.org/

http://www.apache.org/dist/httpd/httpd-2.2.22.tar.gz

Changes with Apache 2.2.22

*) SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
some reverse proxy configurations. [Joe Orton]

*) SECURITY: CVE-2011-3607 (cve.mitre.org)
Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
is enabled, could allow local users to gain privileges via a .htaccess
file. [Stefan Fritsch, Greg Ames]

*) SECURITY: CVE-2011-4317 (cve.mitre.org)
Resolve additional cases of URL rewriting with ProxyPassMatch or
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations.
[Joe Orton]

*) SECURITY: CVE-2012-0021 (cve.mitre.org)
mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
string is in use and a client sends a nameless, valueless cookie, causing
a denial of service. The issue existed since version 2.2.17. PR 52256.
[Rainer Canavan <rainer-apache 7val com>]

*) SECURITY: CVE-2012-0031 (cve.mitre.org)
Fix scoreboard issue which could allow an unprivileged child process
could cause the parent to crash at shutdown rather than terminate
cleanly. [Joe Orton]

*) SECURITY: CVE-2012-0053 (cve.mitre.org)
Fix an issue in error responses that could expose "httpOnly" cookies
when no custom ErrorDocument is specified for status code 400.
[Eric Covener]

*) mod_proxy_ajp: Try to prevent a single long request from marking a worker
in error. [Jean-Frederic Clere]

*) config: Update the default mod_ssl configuration: Disable SSLv2, only
allow >= 128bit ciphers, add commented example for speed optimized cipher
list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]

*) core: Fix segfault in ap_send_interim_response(). PR 52315.
[Stefan Fritsch]

投稿者 xml-rpc : 2012年1月31日 10:58
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/108432
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。