[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[plamo:29995] Apache 2.2.12
-
From:KATOH Yasufumi
-
Date:Wed, 29 Jul 2009 14:56:00 +0900 (JST)
- Subject: [plamo:29995] Apache 2.2.12
- From: KATOH Yasufumi <karma@xxxxxxxxxxxxxxxx>
- Date: Wed, 29 Jul 2009 14:55:56 +0900
- User-agent: Wanderlust/2.15.7 (Almost Unreal) SEMI/1.14.6 (Maruoka)FLIM/1.14.9 (=?iso-2022-jp-2?b?R29qGyQoRCtXGyhC?=) APEL/10.7 Emacs/23.0.92(i686-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
加藤泰文です.
Apache 2.2.12 出てます.
http://www.apache.org/dist/httpd/CHANGES_2.2.12
セキュリティ関係
*) SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. PR 39605.
[Joe Orton, Ruediger Pluem]
*) SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
Ruediger Pluem, Jeff Trawick]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]
*) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.
--
==============================================
(((( 加藤泰文
○-○ karma @ jazz.email.ne.jp
==============================================
(Web Page) http://www.ne.jp/asahi/ka/to/
==============================================
[検索ページ]
[メール一覧]
Plamo ML 公開システム