The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the eighth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.45 as compared to 2.0.44.
OS2 users; note that Apache 2.0 versions *including* 2.0.45 still have a Denial of Service vulnerability that was identified and reported by Robert Howard
This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.45 addresses two security vulnerabilities, both affecting all platforms.
Prior Apache 2.0 versions through 2.0.44 had a significant Denial of Service vulnerability that was identified and reported by David Endler
This release eliminated leaks of several file descriptors to child processes, such as CGI scripts, which could consitute a security threat on servers that run untrusted CGI scripts. This issue was identified, reported and addressed by Christian Kratzer and Bjoern A. Zeeb.
The Apache Software Foundation would like to thank David Endler, Christian Kratzer, Bjoern Zeeb and Robert Howard for the responsible reporting of these issues.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.