Apache Announcement List

Sander Striker | 15 Sep 2004 20:50

Apache HTTP Server 2.0.51 Released


The Apache Software Foundation and the  The Apache HTTP Server Project
are pleased to announce the release of version 2.0.51 of the Apache
HTTP Server ("Apache").  This Announcement notes the significant
changes in 2.0.51 as compared to 2.0.50.

This version of Apache is principally a bug fix release.  Of
particular note is that 2.0.51 addresses five security
vulnerabilities:

  An input validation issue in IPv6 literal address parsing which
  can result in a negative length parameter being passed to memcpy.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786]

  A buffer overflow in configuration file parsing could allow a
  local user to gain the privileges of a httpd child if the server
  can be forced to parse a carefully crafted .htaccess file.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747]

  A segfault in mod_ssl which can be triggered by a malicious
  remote server, if proxying to SSL servers has been configured.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751]

  A potential infinite loop in mod_ssl which could be triggered
  given particular timing of a connection abort.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748]

  A segfault in mod_dav_fs which can be remotely triggered by an
  indirect lock refresh request.
  [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809]

(Continue reading)

headers

William A. Rowe, Jr. | 28 Sep 2004 22:55

Apache HTTP Server 2.0.52 Released


                   Apache HTTP Server 2.0.52 Released

   The Apache Software Foundation and the  The Apache HTTP Server Project are
   pleased to announce the release of version 2.0.52 of the Apache HTTP
   Server ("Apache").  This Announcement notes the significant changes
   in 2.0.52 as compared to 2.0.51. The Announcement is also available in
   German and Japanese from:

        http://www.apache.org/dist/httpd/Announcement2.txt.de
        http://www.apache.org/dist/httpd/Announcement2.txt.ja

   This version of Apache is principally a bug fix release.  Of
   particular note is that 2.0.52 addresses one new security related
   flaw introduced in 2.0.51:

     Fix merging of the Satisfy directive, which was applied to
     the surrounding context and could allow access despite configured
     authentication.
     [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811]

   The Apache HTTP Server Project would like to thank Rici Lake for
   identification and a proposed fix of this flaw.

   This release is compatible with modules compiled for 2.0.42 and
   later versions.  We consider this release to be the best version of
   Apache available and encourage users of all prior versions to
   upgrade.

   Apache HTTP Server 2.0.52 is available for download from

(Continue reading)

Mon	Tue	Wed	Thu	Fri	Sat	Sun

		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

2	February 2013
1	August 2012
1	April 2012
1	February 2012
1	January 2012
1	October 2011
1	September 2011
2	August 2011
3	May 2011
1	March 2011
2	December 2010
1	November 2010
1	October 2010
1	August 2010
2	June 2010
1	March 2010
1	February 2010
1	January 2010
1	November 2009
1	August 2009
1	March 2009
1	December 2008
1	October 2008
1	June 2008
1	April 2008
3	January 2008
1	November 2007
2	September 2007
1	February 2007
1	January 2007
1	December 2006
1	September 2006
2	August 2006
1	July 2006
1	May 2006
3	February 2006
1	December 2005
2	November 2005
3	October 2005
2	September 2005
1	July 2005
1	June 2005
2	May 2005
1	April 2005
2	February 2005
1	December 2004
2	September 2004
1	August 2004