FreeBSD Apache Multiple Vulnerabilities Fix Available

by on May 28, 2008 · 0 comments· LAST UPDATED June 28, 2008

in , ,

FreeBSD has issued updated version of its Apache package. This release considered as important and encourage users of all prior versions to upgrade.

Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unpsecified vectors.

The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.

How do I upgrade Apache under FreeBSD?

Simply run the following two commands:
# portsnap fetch extract
# portupgrade -a
# portversion

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 0 comments… add one now }

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , ,

Previous post:

Next post: