New version of Apache fixes security holes

By N-Stalker Team on July 20, 2003

Version 2.0.47 of Apache has been released and is principally a security and bug fix release. Of particular note is that 2.0.47 addresses four security vulnerabilities:

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one. [CAN-2003-0192]

Certain errors returned by accept() on rarely accessed ports could cause temporal denial of service, due to a bug in the prefork MPM. [CAN-2003-0253]

Denial of service was caused when target host is IPv6 but ftp proxy server can’t create IPv6 socket. [CAN-2003-0254]

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests. [VU#379828]

To download it: http://httpd.apache.org/download.cgi.

This entry was posted in Previous Security Advisories. Bookmark the permalink.