Apache 1.3.33 released

cPanel has released a new easyapache this morning which upgrades Apache to 1.3.33 following the Apache Group's release of Apache 1.3.33 to fix a security flaw in mod_include and in the Content-Length field.

The official announcement is available as well as the ChangeLog for the 1.3.x series.

This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.33 addresses and fixes 2 potential security issues:

* CAN-2004-0940 (cve.mitre.org)
Fix potential buffer overflow with escaped characters in SSI tag string.
* CAN-2004-0492 (cve.mitre.org)
Reject responses from a remote server if sent an invalid (negative) Content-Length.

 

 

 

 

Top