Yblog = yourblog,你的優質部落格。願真田幸村紅鎧策馬赤備突擊的身影,帶給我們更多的勇氣。
星期五, 十月 9, 2009
Apache 2.2.14釋出

網頁伺服器軟體Apache HTTP Server日前發表了2.2.14版本,一樣是安全性漏洞與bug修正。

從2.2.13以來到2.2.14的修正內容如下:

Changes with Apache 2.2.14

*) SECURITY: CVE-2009-2699 (cve.mitre.org)
Fixed in APR 1.3.9. Faulty error handling in the Solaris pollset support
(Event Port backend) which could trigger hangs in the prefork and event
MPMs on that platform. PR 47645. [Jeff Trawick]

*) SECURITY: CVE-2009-3095 (cve.mitre.org)
mod_proxy_ftp: sanity check authn credentials.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]

*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]

*) mod_proxy_scgi: Backport from trunk. [André Malo]

*) mod_ldap: Don't try to resolve file-based user ids to a DN when AuthLDAPURL
has been defined at a very high level. PR 45946. [Eric Covener]

*) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]

*) mod_ldap: Bring the LDAPCacheEntries and LDAPOpCacheEntries
usage() in synch with the manual and the implementation (0 and -1
both disable the cache). [Eric Covener]

*) mod_ssl: The error message when SSLCertificateFile is missing should
at least give the name or position of the problematic virtual host
definition. [Stefan Fritsch sf sfritsch.de]

*) htdbm: Fix possible buffer overflow if dbm database has very
long values. PR 30586 [Dan Poirier]

*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]

*) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
type. PR 45107. [Michael Ströder <michael stroeder.com>,
Peter Sylvester <peter.sylvester edelweb.fr>]

*) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
defined session identifiers encoded in the URL when caching.
[Ruediger Pluem]

*) mod_mem_cache: fix seg fault under load due to pool concurrency problem
PR: 47672 [Dan Poirier <poirier pobox.com>]

*) mod_autoindex: Correctly create an empty cell if the description
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]

Changes with Apache 2.2.13

*) SECURITY: CVE-2009-2412 (cve.mitre.org)
Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow
in pools and rmm, where size alignment was taking place.
[Matt Lewis <mattlewis@google.com>, Sander Striker]

*) mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report
warnings compiling mod_ssl against OpenSSL to the httpd developers.
[Guenter Knauf]

*) mod_cgid: Do not add an empty argument when calling the CGI script.
PR 46380 [Ruediger Pluem]

*) Fix potential segfaults with use of the legacy ap_rputs() etc
interfaces, in cases where an output filter fails. PR 36780.
[Joe Orton]
More... funp HemiDemi MyShare del.icio.us technorati Google Bookmarks Digg
ivan 發表於 11:07 PM | 文章分類: 數位科技, software | 標籤列表:

迴響留言
尚無迴響

張貼迴響:
名稱
電子郵件
網址



請輸入你在圖片中看到的文字
引用列表
本篇文章引用網址: http://yblog.org/api/trackback/?id=10714
沒有引用










Collablog Portal enabled