[ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
Paul W. Frields
stickster at gmail.com
Wed Aug 31 20:09:10 UTC 2011
On Wed, Aug 31, 2011 at 08:28:20PM +0200, Reindl Harald wrote:
>
>
> Am 31.08.2011 19:31, schrieb Paul W. Frields:
> > On Wed, Aug 31, 2011 at 05:39:14PM +0200, Reindl Harald wrote:
> >> this update should be really fast pushed out
> >>
> >> the demo-exploit brings down a 4x2.50GHz machine with 8 GB
> >> RAM in some seconds without having the known workarounds
> >> or explicit mod_security-Rules in front
> >>
> >> -------- Original-Nachricht --------
> >> Betreff: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
> >> Datum: Wed, 31 Aug 2011 07:21:33 -0400
> >> Von: Jim Jagielski <jim at jaguNET.com>
> >> Antwort an: dev at httpd.apache.org
> >> An: dev at httpd.apache.org
> >>
> >> Apache HTTP Server 2.2.20 Released
> > [...snip...]
> >
> > The security bug is already being tracked:
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192
> >
> > I'd expect a new package to be issued shortly. Once that happens, if
> > you want to contribute to pushing this out, be ready to test the fixed
> > package and add karma. The process works when people participate
>
> we are in production with > 20 servers on F14 since some hours
> own packages with optimized build-flags based on the Fedora-SPEC-File
Not sure what this had to do with my reply, but in the meantime you
can use the mitigation that Apache sent out. I'm doing that on my own
servers for now.
--
Paul W. Frields http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - - http://pfrields.fedorapeople.org/
The open source story continues to grow: http://opensource.com
More information about the devel
mailing list