Apache 2.0.45

Apache 2.0.45 has been released. From the apache httpd website:

This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.45 addresses two security vulnerabilities, both affecting all platforms.

Prior Apache 2.0 versions through 2.0.44 had a significant Denial of Service vulnerability that was identified and reported by David Endler , and fixed with this release. The specific details of this issue will be published by David Endler one week from this release, on April 8th [this is the correct, revised date]. No more specific information is disclosed at this time, but all Apache 2.0 users are encouraged to upgrade now. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132]

This release eliminated leaks of several file descriptors to child processes, such as CGI scripts, which could consitute a security threat on servers that run untrusted CGI scripts. This issue was identified, reported and addressed by Christian Kratzer and Bjoern A. Zeeb .

  • Next time include sources please =)