Apache Closes Down Vulnerabilities
No less than five vulnerabilities were eradicated by the release of a new version of the Apache Web server.
Release 2.2.6 removes five partly critical security holes. Four of them are also closed by the latest 2.0 branch release, version 2.0.61. According to the Apache Foundation's release notes, vulnerabilities were removed in the "mod_proxy" and "mod_cache" modules. Attackers had previously been able to crash servers by targeted requests leading to a Denial-of-Service (DoS) attack.
A cross site scripting bug discovered by Stefan Esser – the initiator of the "Month of PHP Bugs" – is also a thing of the past. The fourth bug that affected both versions resulted in a DoS vulnerability in the Prefork-MPM module. The bug in the "mod_mem_cache" module only occurs in the 2.2 series. The vulnerability gave attackers the ability to read headers from prior connections in some circumstances.
The developers advise server administrators to switch to one of the new versions as soon as possible. The versions are available, as always, from the project's mirror servers. Besides fixing various vulnerabilities, the patches also include a number of bugfixes.
Issue 230/2020
Buy this issue as a PDF
News
-
Elementary OS 5.1 Has Arrived
One of the most highly regarded Linux desktop distributions has released its next iteration.
-
Linux Mint 19.3 Will be Released by Christmas
The developers behind Linux Mint have announced 19.3 will be released by Christmas 2019.
-
Linux Kernel 5.4 Released
A number of new changes and improvements have reached the Linux kernel.
-
System76 To Design And Build Laptops In-House
In-house designed and built laptops coming from System76.
-
News and views on the GPU revolution in HPC and Big Data:
-
The PinePhone Pre-Order has Arrived
Anyone looking to finally get their hands on an early release of the PinePhone can do so as of November 15.
-
Microsoft Edge Coming to Linux
Microsoft is bringing it’s new Chromium-based Edge browser to Linux.
-
Open Invention Network Backs Gnome Project Against Patent Troll
OIN has deployed its legal team to find prior art.
-
Fedora 31 Released
The latest version of Fedora comes with new packages and libraries.
-
openSUSE OBS Can Now Build Windows WSL Images
openSUSE enables developers to build their own WSL distributions.