When will HP update HPWS to solve CVE-2011-3192? Upgrading it to 2.2.20 is the right thing to do, but I don't actually expect that.
Instead, pull a Redhat and patch it.
The work-arounds work, but that kills file-seeking on streams and resume downloads.
~BAS
----
Date: Wed, 31 Aug 2011 07:21:49 -0400
From: Jim Jagielski <jim@apache.org>
To: announce@apache.org
Subject: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
Apache HTTP Server 2.2.20 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release:
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Brian A Seklecki
Fedex Services