Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Apache web server release

Published: 2014-03-17
Last Updated: 2014-03-18 19:38:10 UTC
by Jim Clausing (Version: 1)
1 comment(s)

The Apache folks have released version 2.4.9 of their ubiquitous web server.  This one fixes a couple of security vulnerabilities along with some other bug fixes, one in mod_log_config having to do with issues with truncated cookies and one in mod_dav that was a potential denial of service.  Expect most of the Linux distros to apply the appropriate fixes shortly, but if you are building from source or running on a platform that won't push the updates to you, go grab the update.

 

References:

http://httpd.apache.org/security/vulnerabilities_24.html

http://www.apache.org/dist/httpd/CHANGES_2.4.9

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: apache
1 comment(s)
Diary Archives