Apache HTTP Server 2.2.20 Released

Apache has released an update to its HTTP server that fixes the denial of service problem that was reported on August 24 (and updated on August 26). We should see updates from distributions soon, though it should be noted that Debian put out an update on August 29. “Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file.”

Read more at LWN.net

Comments are closed.