Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.

Apache Patches Security Flaw

Vulnerability could allow denial of service attacks.

Paul Roberts, IDG News Service

  • 0 Yes
  • 0 No

A new release of the popular Apache 2.0 Web server fixes a number of security vulnerabilities including an as-yet-undisclosed flaw that could be used to launch a denial of service attack against machines running Apache, according to information released by the Apache Software Foundation.

The new release, version 2.0.45, is intended "principally as a security and bug fix release," according to the ASF.

First and foremost on the list of fixed vulnerabilities was a security hole discovered by David Endler, director of Technical Intelligence at security intelligence firm iDefense of Reston, Virginia.

Details on the vulnerability discovered by Endler were not disclosed, but Apache 2.0 users were encouraged to upgrade.

Endler will publish a report on the vulnerability on April 7, according to the ASF.

Other, lower priority security leaks and bug fixes were also included in the 2.0.45 release.

Another Fix Needed

However, a known DOS vulnerability that affects those systems running Apache on the OS/2 platform remains open. The latest Apache version was "too important" to delay release until the OS/2 fix could be included, the ASF said.

OS/2 users will have to wait for the release of 2.0.46 to get a fix for that problem, the ASF said.

The decision by the ASF and iDefense to withhold information on a major vulnerability for a week following the release of a patch stands in contrast to prior revelations about security holes in the Apache software.

In August, security company PivX Solutions LLC released information on a major vulnerability shortly after the ASF published a software patch to fix the problem.

Users of all prior versions of Apache were encouraged to update to the latest release.

  • Recommend this story?
  • 0 Yes
    0 No
 

Featured APC Accessories

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links