Apache 1.3 と 2.0 系に新版、セキュリティ問題を修正(Japan.internet.com)
先日、お伝えしたApacheの新版についてのニュース
昨日の夜にApacheのアナウンスがきましたね。
Apache 2.0.48 Released(ApacheアナウンスMLより)
mod_cgid mishandling of CGI redirect paths could result in CGI output
going to the wrong client when a threaded MPM is used.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789
A buffer overflow could occur in mod_alias and mod_rewrite when
a regular expression with more than 9 captures is configured.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542
Apache HTTP Server 1.3.29 Released(ApacheアナウンスMLより)
o CAN-2003-0542 (cve.mitre.org)
Fix buffer overflows in mod_alias and mod_rewrite which occurred
if
one configured a regular expression with more than 9 captures.