httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stri...@apache.org
Subject cvs commit: httpd-site/xdocs index.xml
Date Fri, 19 Mar 2004 21:51:21 GMT
striker     2004/03/19 13:51:20

  Modified:    docs     index.html
               xdocs    index.xml
  Log:
  Another place to mention the release.
  
  Revision  Changes    Path
  1.73      +14 -8     httpd-site/docs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/index.html,v
  retrieving revision 1.72
  retrieving revision 1.73
  diff -u -r1.72 -r1.73
  --- index.html	1 Jan 2004 13:47:20 -0000	1.72
  +++ index.html	19 Mar 2004 21:51:20 -0000	1.73
  @@ -127,7 +127,7 @@
              <table border="0" cellspacing="0" cellpadding="2" width="100%">
    <tr><td bgcolor="#525D76">
     <font color="#ffffff" face="arial,helvetica,sanserif">
  -   <a name="2.0.48"><strong>Apache 2.0.48 Released</strong></a>
  +   <a name="2.0.49"><strong>Apache 2.0.49 Released</strong></a>
     </font>
    </td></tr>
    <tr><td>
  @@ -137,13 +137,19 @@
   <a href="http://www.apache.org/dist/httpd/Announcement2.html.de">here</a>)
   </p>
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.48 addresses two security vulnerabilities:</p>
  -<p>mod_cgid mishandling of CGI redirect paths could result in CGI output
  -   going to the wrong client when a threaded MPM is used.<br />
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</a>]</code></p>
  -<p>A buffer overflow could occur in mod_alias and mod_rewrite when
  -   a regular expression with more than 9 captures is configured.<br />
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</a>]</code></p>
  +   note is that 2.0.49 addresses three security vulnerabilities:</p>
  +<p>When using multiple listening sockets, a denial of service attack
  +   is possible on some platforms due to a race condition in the
  +   handling of short-lived connections.  This issue is known to affect
  +   some versions of AIX, Solaris, and Tru64; it is known to not affect
  +   FreeBSD or Linux.<br />
  +   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>]</code></p>
  +<p>Arbitrary client-supplied strings can be written to the error log
  +   which can allow exploits of certain terminal emulators.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>]</code></p>
  +<p>A remotely triggered memory leak in mod_ssl can allow a denial
  +   of service attack due to excessive memory consumption.<br />
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">CAN-2004-0113</a>]</code></p>
   <p>For further details, see the <a href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
   <p align="center">
   <a href="download.cgi">Download</a> | 
  
  
  
  1.53      +17 -10    httpd-site/xdocs/index.xml
  
  Index: index.xml
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/index.xml,v
  retrieving revision 1.52
  retrieving revision 1.53
  diff -u -r1.52 -r1.53
  --- index.xml	24 Nov 2003 06:26:21 -0000	1.52
  +++ index.xml	19 Mar 2004 21:51:20 -0000	1.53
  @@ -69,8 +69,8 @@
   </p>
   </section>
   
  -<section id="2.0.48">
  -<title>Apache 2.0.48 Released</title>
  +<section id="2.0.49">
  +<title>Apache 2.0.49 Released</title>
   
   <p>The Apache HTTP Server Project is proud to <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announce</a> the
  @@ -79,15 +79,22 @@
   </p>
   
   <p>This version of Apache is principally a bug fix release.  Of particular
  -   note is that 2.0.48 addresses two security vulnerabilities:</p>
  +   note is that 2.0.49 addresses three security vulnerabilities:</p>
   
  -<p>mod_cgid mishandling of CGI redirect paths could result in CGI output
  -   going to the wrong client when a threaded MPM is used.<br />
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789">CAN-2003-0789</a>]</code></p>
  -
  -<p>A buffer overflow could occur in mod_alias and mod_rewrite when
  -   a regular expression with more than 9 captures is configured.<br />
  -   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542">CAN-2003-0542</a>]</code></p>
  +<p>When using multiple listening sockets, a denial of service attack
  +   is possible on some platforms due to a race condition in the
  +   handling of short-lived connections.  This issue is known to affect
  +   some versions of AIX, Solaris, and Tru64; it is known to not affect
  +   FreeBSD or Linux.<br/>
  +   <code>[<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0174">CAN-2004-0174</a>]</code></p>
  +                                                                                      
                                                                                         
                    
  +<p>Arbitrary client-supplied strings can be written to the error log
  +   which can allow exploits of certain terminal emulators.<br/>
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020">CAN-2003-0020</a>]</code></p>
  +                                                                                      
                                                                                         
                    
  +<p>A remotely triggered memory leak in mod_ssl can allow a denial
  +   of service attack due to excessive memory consumption.<br/>
  +   <code>[<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113">CAN-2004-0113</a>]</code></p>
   
   <p>For further details, see the <a
   href="http://www.apache.org/dist/httpd/Announcement2.html">announcement</a>.</p>
  
  
  

Mime
View raw message