Network World

Latest Apache release fixes DOS vulnerability

By Paul Roberts, IDG News Service, 04/03/2003

The latest release of Apache 2.0 fixes a number of security vulnerabilities including an as-yet-undisclosed flaw that could be used to launch a denial of service attack against machines running the popular Web server, according to information released by the Apache Software Foundation (ASF).

The new release, version 2.0.45, is intended "principally as a security and bug fix release," according to the ASF.

First and foremost on the list of fixed vulnerabilities was a security hole discovered by David Endler, director of Technical Intelligence at security intelligence firm iDefense. Details on the vulnerability discovered by Endler were not disclosed, but Apache 2.0 users were encouraged to upgrade.

Endler will publish a report on the vulnerability on April 7, according to the ASF.

Fixes for other, lower-priority security leaks and bugs were also included in the 2.0.45 release.

However, a known DOS vulnerability that affects those systems running Apache on the OS/2 platform remains open. The latest Apache version was "too important" to delay release until the OS/2 fix could be included, the ASF said.

OS/2 users will have to wait for the release of 2.0.46 to get a fix for that problem, the ASF said.

The decision by the ASF and iDefense to withhold information on a major vulnerability for a week following the release of a patch stands in contrast to prior revelations about security holes in the Apache software.

In August, security company PivX Solutions released information on a major vulnerability shortly after the ASF published a software patch to fix the problem.

Users of all prior versions of Apache were encouraged to update to the latest release.
