new apache 2.2.18

#1
une vulnerabilité etant trouver dans la version 2.2.17 .
Apache nous propose de passer a la 2.2.18,cette nouvelle version corrige une attaque dos.

moderate: apr_fnmatch flaw leads to mod_autoindex remote DoS CVE-2011-0419

A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.

Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack.

pour ceux qui ont la branche 2.2.X IL EST CONSEILLER DE METTRE A JOUR.A+
 
Haut