Apache 2.2.17

Discussion in 'Control Panels' started by guillaume, Dec 8, 2010.

  1. guillaume

    guillaume Member

    Since late October, a new version of Apache has been available.
    Here are the changelogs (security fixes; all 2.2.x versions are affected).
    low: expat DoS CVE-2009-3720
    A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

    Update Released: 19th October 2010

    Affects: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

    low: expat DoS CVE-2009-3560
    A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

    Update Released: 19th October 2010

    Affects: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

    low: apr_brigade_split_line DoS CVE-2010-1623
    A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.

    Update Released: 19th October 2010

    Affects: 2.2.16, 2.2.15, 2.2.14, 2.2.13, 2.2.12, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0

    Update if you have not done so already.
    The 2.0.x versions are heavily affected; upgrade to => Apache 2.0.64
     
