- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- HPWS --> Apache 2.2.20 Update for CVE-2011-3192
Categories
Company
Local Language
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- This widget could not be displayed.This widget could not be displayed.This widget could not be displayed.This widget could not be displayed.This widget could not be displayed.This widget could not be displayed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2011 05:36 AM - edited 08-31-2011 05:38 AM
08-31-2011 05:36 AM - edited 08-31-2011 05:38 AM
HPWS --> Apache 2.2.20 Update for CVE-2011-3192
When will HP Update HPWS to solve CVE-2011-3192 ? Upgrading it to 2.2.20 is the right thing to do, but I don't actually expect that.
Instead, pull a Redhat and patch it.
The work-arounds work, but that kills file-seeking on streams and resume downloads.
~BAS
----
Date: Wed, 31 Aug 2011 07:21:49 -0400
From: Jim Jagielski <jim@apache.org>
To: announce@apache.org
Subject: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
Apache HTTP Server 2.2.20 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release:
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Brian A Seklecki
Fedex Services