Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: New Apache web server release - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Apache web server release

The Apache folks have released version 2.4.9 of their ubiquitous web server.  This one fixes a couple of security vulnerabilities along with some other bug fixes, one in mod_log_config having to do with issues with truncated cookies and one in mod_dav that was a potential denial of service.  Expect most of the Linux distros to apply the appropriate fixes shortly, but if you are building from source or running on a platform that won't push the updates to you, go grab the update.

 

References:

http://httpd.apache.org/security/vulnerabilities_24.html

http://www.apache.org/dist/httpd/CHANGES_2.4.9

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Jim

399 Posts
ISC Handler
Expect Apple to incorporate it into OS X sometime in early 2016
Anonymous
Posts

Sign Up for Free or Log In to start participating in the conversation!