Users of Apache HTTP Server, please be advised that new versions have been released.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
Apache-SA-10/19/2010: Apache HTTP Server 2.2.17 and 2.0.64 Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.17 of the Apache HTTP
Server ("Apache"). This version of Apache is principally a bug fix
release, and a security fix release of the APR-util 1.3.10 dependency;
* SECURITY: CVE-2010-1623 (cve.mitre.org)
  Fix a denial of service attack against apr_brigade_split_line().
* SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)
  Fix two buffer over-read flaws in the bundled copy of expat which
  could cause httpd to crash while parsing specially-crafted
  XML documents.
We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.