[Phpwm] Apache DoS vulnerability
David Goodwin
david at codepoets.co.uk
Thu Sep 1 14:37:53 UTC 2011
Yes, they (Apache) have released a fix -
https://lwn.net/Articles/457039/
But I think Debian rolled their own fix - as per
"Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file."
and :
https://lwn.net/Articles/456887/
Although once released through Debian you would expect Ubuntu to effectively deploy the same fix and so on....
David.
On 1 Sep 2011, at 14:12, Charles Barnwell wrote:
> Well, my good old Debian Lenny system had an update for apache
> yesterday. No sign of an update for Ubuntu yet.
>
> Charles
>
>
> On 27 August 2011 21:13, Rob Allen <rob at akrabat.com> wrote:
>>
>> Thanks for the heads-up, David. I'm back from a week's holiday today, so have updated my apache conf files appropriately with the info from http://lwn.net/Articles/456513/
>>
>> Regards,
>>
>> Rob..
>>
>
> _______________________________________________
> Phpwm mailing list
> Website : http://www.phpwm.org
> Twitter : http://www.twitter.com/phpwm
> Facebook: http://www.facebook.com/group.php?gid=2361609907
>
> Post to list: Phpwm at mailman.lug.org.uk
> Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm
More information about the Phpwm
mailing list