Bug#240100: apache2: multiple security vulnerabilities fixed in new upstream release

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#240100: apache2: multiple security vulnerabilities fixed in new upstream release
From: Andres Salomon <dilinger@voxel.net>
Date: Thu, 25 Mar 2004 14:23:34 -0500
Message-id: <[🔎] 20040325192334.72C661FB47@wax.hq.voxel.net>
Reply-to: Andres Salomon <dilinger@voxel.net>, 240100@bugs.debian.org

Package: apache2
Severity: grave

Apache2 2.0.49 fixes a few security bugs:

SECURITY: CAN-2004-0174 (cve.mitre.org) Fix starvation issue on
listening sockets where a short-lived connection on a rarely-accessed
listening socket will cause a child to hold the accept mutex and block
out new connections until another connection arrives on that
rarely-accessed listening socket. With Apache 2.x there is no
performance concern about enabling the logic for platforms which don't
need it, so it is enabled everywhere except for Win32. [Jeff Trawick]

SECURITY: CAN-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in
plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton]

SECURITY: CAN-2003-0020 (cve.mitre.org) Escape arbitrary data before
writing into the errorlog. Unescaped errorlogs are still possible using
the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey
Young, Andre Malo]



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.4-1-k7
Locale: LANG=C, LC_CTYPE=C

Reply to:

Prev by Date: Russsian model virgins haardcore piics and movies.
Next by Date: Good afternoon.
Previous by thread: Russsian model virgins haardcore piics and movies.
Next by thread: Good afternoon.
Index(es):
- Date
- Thread