httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Re: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
Date Wed, 20 Oct 2010 20:05:21 GMT
On 10/20/2010 1:44 AM, Matus UHLAR - fantomas wrote:
> On 19.10.10 11:27, William A. Rowe Jr. wrote:
>> Subject: [announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
> 
>>    The Apache Software Foundation and the Apache HTTP Server Project are
>>    pleased to announce the release of version 2.2.17 of the Apache HTTP
>>    Server ("Apache").  This version of Apache is principally a bug fix
>>    release, and a security fix release of the APR-util 1.3.10 dependency;
>>
>>      * SECURITY: CVE-2010-1623 (cve.mitre.org)
>>        Fix a denial of service attack against apr_brigade_split_line().
>>
>>      * SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
>>        Fix two buffer over-read flaws in the bundled copy of expat which
>>        could cause httpd to crash while parsing specially-crafted
>>        XML documents.
> 
> does this mean that if I have apache compiled with external
> apr-util-1.3.10 and external expat, I am safe?

>From these two flaws?  Only if your external expat is also up-to-date, refer
that question to the expat community.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message