
Bug#240100: apache2: multiple security vulnerabilities fixed in new upstream release

Package: apache2
Severity: grave

Apache2 2.0.49 fixes a few security bugs:

SECURITY: CAN-2004-0174 (cve.mitre.org) Fix starvation issue on
listening sockets where a short-lived connection on a rarely-accessed
listening socket will cause a child to hold the accept mutex and block
out new connections until another connection arrives on that
rarely-accessed listening socket. With Apache 2.x there is no
performance concern about enabling the logic for platforms which don't
need it, so it is enabled everywhere except for Win32. [Jeff Trawick]

SECURITY: CAN-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in
plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton]

SECURITY: CAN-2003-0020 (cve.mitre.org) Escape arbitrary data before
writing into the errorlog. Unescaped errorlogs are still possible using
the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey
Young, Andre Malo]

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.4-1-k7
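
The kind of escaping the CAN-2003-0020 entry describes, as an added C example (not Apache's code and not part of the original report). The function name `escape_log_item`, the `\xHH` output format and the sample string are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helper, not Apache's implementation: copy src into dst,
 * escaping bytes that could forge a log line or drive a terminal.
 * Truncates only at a whole escape; returns bytes written (without NUL). */
size_t escape_log_item(char *dst, size_t dstsize, const char *src)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (dstsize == 0) return 0;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char buf[4];
        size_t n = 2;
        buf[0] = '\\';
        switch (*p) {
        case '\n': buf[1] = 'n';  break;
        case '\r': buf[1] = 'r';  break;
        case '\t': buf[1] = 't';  break;
        case '\\': buf[1] = '\\'; break;
        default:
            if (isprint(*p)) {          /* "C" locale: 0x20..0x7e */
                buf[0] = (char)*p;
                n = 1;
            } else {                    /* control and 8-bit bytes */
                buf[1] = 'x';
                buf[2] = hex[*p >> 4];
                buf[3] = hex[*p & 0x0f];
                n = 4;
            }
        }
        if (o + n >= dstsize)           /* keep room for the NUL */
            break;
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: request-derived text carrying a newline and ESC. */
    const char *evil = "File does not exist: /x\n[error] forged\x1b[2J";
    char line[256];
    escape_log_item(line, sizeof line, evil);
    printf("[error] %s\n", line);       /* stays on one physical log line */
}
```

Escaping the backslash itself keeps the output unambiguous, so a reader of the log can tell a literal `\n` typed by a client from an escaped newline.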
