[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2298-1] apache2 security update

I copied the configs directly over.

Stefan Fritsch <sf@debian.org> wrote:

>Hash: SHA1
>Debian Security Advisory DSA-2298-1                  
>http://www.debian.org/security/                            Stefan
>August 29, 2011                       
>Package        : apache2
>Vulnerability  : denial of service
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2010-1452 CVE-2011-3192
>Two issues have been found in the Apache HTTPD web server:
>A vulnerability has been found in the way the multiple overlapping
>ranges are handled by the Apache HTTPD server. This vulnerability
>allows an attacker to cause Apache HTTPD to use an excessive amount of
>memory, causing a denial of service.
>A vulnerability has been found in mod_dav that allows an attacker to
>cause a daemon crash, causing a denial of service. This issue only
>affects the Debian 5.0 oldstable/lenny distribution.
>For the oldstable distribution (lenny), these problems have been fixed
>in version 2.2.9-10+lenny10.
>For the stable distribution (squeeze), this problem has been fixed in
>version 2.2.16-6+squeeze2.
>For the testing distribution (wheezy), this problem will be fixed soon.
>For the unstable distribution (sid), this problem has been fixed in
>version 2.2.19-2.
>We recommend that you upgrade your apache2 packages.
>This update also contains updated apache2-mpm-itk packages which have
>been recompiled against the updated apache2 packages. The new version
>number for the oldstable distribution is 2.2.6-02-1+lenny5. In the
>stable distribution, apache2-mpm-itk has the same version number as
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>Mailing list: debian-security-announce@lists.debian.org
>Version: GnuPG v1.4.11 (GNU/Linux)
>To UNSUBSCRIBE, email to
>with a subject of "unsubscribe". Trouble? Contact
>Archive: http://lists.debian.org/E1Qy9Bx-0001rj-Ua@chopin.debian.org

Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Reply to: