Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.53 Released, Fixes 2 Security Problems

Posted by timothy on from the issues-is-sort-of-ambiguous dept.

CGIsecurity.com writes "Two security issues have been addressed in Apache's 2.0.53 build. The entire Apache announcement can be found here."

3 of 32 comments (clear)

  1. From the changelog: by molo · · Score: 4, Informative
    *) SECURITY: CAN-2004-0942 (cve.mitre.org)
    Fix for memory consumption DoS in handling of MIME folded request
    headers. [Joe Orton]

    *) SECURITY: CAN-2004-0885 (cve.mitre.org)
    mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
    bypassed during an SSL renegotiation. PR 31505.
    [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
    --
    Using your sig line to advertise for friends is lame.
  2. Re:is it time for 2.0.x over 1.3.x? by Matt+Perry · · Score: 4, Informative

    Correction, PHP with Apache's threading module isn't recommended. PHP and any add-ons works great with the Apache 2.x prefork module. Prefork makes Apache work just like 1.3.

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  3. Re:is it time for 2.0.x over 1.3.x? by FireChipmunk · · Score: 4, Informative

    No, infact, mod_python is only actively developed for Apache 2.0. They don't even support the version for 1.3 anymore.