[Phpwm] Apache DoS vulnerability
david at codepoets.co.uk
Thu Sep 1 14:37:53 UTC 2011
Yes, they (Apache) have released a fix -
But I think Debian rolled their own fix - as per
"Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file."
Although once released through Debian you would expect Ubuntu to effectively deploy the same fix and so on....
On 1 Sep 2011, at 14:12, Charles Barnwell wrote:
> Well, my good old Debian Lenny system had an update for apache
> yesterday. No sign of an update for Ubuntu yet.
> On 27 August 2011 21:13, Rob Allen <rob at akrabat.com> wrote:
>> Thanks for the heads-up, David. I'm back from a week's holiday today, so have updated my apache conf files appropriately with the info from http://lwn.net/Articles/456513/
> Phpwm mailing list
> Website : http://www.phpwm.org
> Twitter : http://www.twitter.com/phpwm
> Facebook: http://www.facebook.com/group.php?gid=2361609907
> Post to list: Phpwm at mailman.lug.org.uk
> Archive etc : https://mailman.lug.org.uk/mailman/listinfo/phpwm
More information about the Phpwm