[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

[webdav-jp:0894] Apache 1.3.29／2.0.48 released

To: webdav-jp@xxxxxxxx
Subject: [webdav-jp:0894] Apache 1.3.29／2.0.48 released
From: 吉山晃 <yosshy@xxxxxxxxxxxx>
Date: Wed, 29 Oct 2003 23:06:11 +0900
Cc: dav-dev-jp@xxxxxxxxxx
Delivered-to: webdav-jp@Begi.net
Posted: Wed, 29 Oct 2003 23:06:34 +0900

  吉山です。

  Apache 1.3.29 と 2.0.48 がリリースされています。セキュリティホールとして、

(Apache 2.0.48 のみ)
mod_cgid mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used. [CAN-2003-0789]

(Apache 1.3.29, 2.0.48共通)
A buffer overflow could occur in mod_alias and mod_rewrite when a regular
expression with more than 9 captures is configured. [CAN-2003-0542]

の２つが挙げられています。御参考までに。

---
吉山あきら<yosshy@xxxxxxxxxxxx>

p.s.
LC2003 の Lightning Talk の１番目で発表する事になりました。ネタはセキュリ
ティホールを持つサービスを自動的にブロックする自作のソフトウェアです。
http://lc.linux.or.jp/lc2003/01.html
http://sourceforge.jp/projects/isabs/

Follow-Ups:
- [webdav-jp:0895] mount by smbclient
  - From: Seiichi Takeda

Prev by Subject: [webdav-jp:0893] Debian の libc6
Next by Subject: [webdav-jp:0895] mount by smbclient
Previous by thread: [webdav-jp:0893] Debian の libc6
Next by thread: [webdav-jp:0895] mount by smbclient
Index(es):
- Subject
- Thread