Kuwait Linux User Group

Apache 2.0.50 Released.
Date: Thursday, September 16, 2004 @ 21:17:15 EDT
Topic: adv

The Apache HTTP Server Project is proud to announce the release of version 2.0.50 of the Apache HTTP Server ("Apache"). (translations are available fo German and Japanese language) .

This version of Apache is principally a bug fix release. Of particular note is that 2.0.50 addresses two security vulnerabilities:

A remotely triggered memory leak in http header parsing can allow a denial of service attack due to excessive memory consumption.

? ? ? ? ? ? ? ? ? ?  Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length.
? ? ? ? ?  [CAN-2004-0488]

For further details, see the announcement

This article comes from Kuwait Linux User Group

The URL for this story is: