Welcome!

Linux Containers Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui

Related Topics: Apache, Linux Containers

Apache: Article

Apache group issues update, warns of security hole

Apache, 2.0.46 is a security and bug fix

(IDG News Service) — For the second time in as many months, the Apache Software Foundation released an updated version of the popular open source Web server software, only to warn users of a critical security hole in previous versions of the software that the update patches.

The new version of Apache, 2.0.46, was described as "principally a security and bug fix release" in a bulletin released by the open source organization Wednesday.

Among those fixes is a patch for a security hole in the mod_dav module that could be exploited remotely, causing an Apache Web server process to crash, according to the bulletin.

Mod_dav is an open source module that provides WebDAV (World Wide Web Distributed Authoring and Versioning) protocol support for the Apache Web server.

WebDAV is a set of extensions to HTTP (Hypertext Transfer Protocol) that allows users to edit and manage files on remote Web servers. The protocol is designed to create interoperable, collaborative applications that facilitate geographically-dispersed "virtual" software development teams.

Few details were available regarding the mod_dav vulnerability, which was first discovered and reported to the Foundation by a researcher at security firm iDefense Inc.

Further details regarding the problem will be published on Friday, the bulletin said.

In March, Microsoft released a patch for a security hole in a core Windows component used to handle an unchecked buffer in a Windows 2000 component used to handle the WebDAV protocol. That flaw, which has already been exploited by hackers, could enable an attacker to cause a buffer overflow on the machine running Internet Information Server, according to the Microsoft Security bulletin MS03-007.

A second fix is for a denial-of-service vulnerability affecting Apache's authentication module.

By exploiting a bug in configuration scripts used by a function for password validation, attackers could launch remote denial of service attacks that would cause valid user names and passwords to be rejected, the bulletin said.

The vulnerabilities affect versions of Apache ranging from 2.0.37 up to the most recent release, 2.0.45, which came out in April.

That latest version was also released in response to a heretofore unknown critical security flaw which, like the mod_dav vulnerability, was discovered by iDefense and described in detail at a later date.

As with its last software update, the Apache Software Foundation said that 2.0.46 was the "best version of Apache available" and recommended that users of prior Apache versions upgrade.

More Stories By Paul Roberts

Paul Roberts is a Boston correspondent for the IDG News Service, a Linux.SYS-CON.com affiliate.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by FinTechEXPO. ICOHOLDER gives detailed information and help the community to invest in the trusty projects. Miami Blockchain Event by FinTechEXPO has opened its Call for Papers. The two-day event will present 20 top Blockchain experts. All speaking inquiries which covers the following information can be submitted by email to [email protected] Miami Blockchain Event by FinTechEXPOalso offers sp...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...