- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HPWS --> Apache 2.2.20 Update for CVE-2011-3192
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2011 05:36 AM - edited 08-31-2011 05:38 AM
08-31-2011 05:36 AM - edited 08-31-2011 05:38 AM
HPWS --> Apache 2.2.20 Update for CVE-2011-3192
When will HP Update HPWS to solve CVE-2011-3192 ? Upgrading it to 2.2.20 is the right thing to do, but I don't actually expect that.
Instead, pull a Redhat and patch it.
The work-arounds work, but that kills file-seeking on streams and resume downloads.
~BAS
----
Date: Wed, 31 Aug 2011 07:21:49 -0400
From: Jim Jagielski <jim@apache.org>
To: announce@apache.org
Subject: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
Apache HTTP Server 2.2.20 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release:
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Brian A Seklecki
Fedex Services