CVE-2014-0098 (cve.mitre.org) Segfaults with truncated cookie logging. mod_log_config: Prevent segfaults when logging truncated cookies. Clean up the cookie logging parser to recognize only the cookie=value pairs, not valueless cookies.
CVE-2013-6438 (cve.mitre.org) mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests
Apache HTTP Server 2.2.27 发布
Apache HTTP Server 2.2.27 发布,该版本主要是安全维护版本,包括:
CVE-2014-0098 (cve.mitre.org)
Segfaults with truncated cookie logging.
mod_log_config: Prevent segfaults when logging truncated
cookies. Clean up the cookie logging parser to recognize
only the cookie=value pairs, not valueless cookies.
CVE-2013-6438 (cve.mitre.org)
mod_dav: Keep track of length of cdata properly when removing
leading spaces. Eliminates a potential denial of service from
specifically crafted DAV WRITE requests
下载地址:
Source: httpd-2.2.27.tar.gz[ PGP ] [MD5 ] [SHA1 ]
Source:httpd-2.2.27.tar.bz2 [PGP ] [MD5 ] [SHA1 ]