PDA

View Full Version : Apache 1.3.34 Released

Zaf
10-24-2005, 01:02 PM
This version of Apache is principally a security and bug fix release. Of particular note is that 1.3.34 addresses the following security issue:

If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.

Changes with Apache 1.3.34

*) hsregex: fix potential core dumping on 64 bit machines, such as
AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]

*) SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value. [Paul Querna, Joe Orton]

*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'.
[William Rowe]

*) mod_digest: Fix another nonce string calculation issue.
[Eric Covener]
BornOnline
10-24-2005, 01:33 PM
Upgraded Apache and MySQL this weekend.
No problems...
mikeinzoniland
10-24-2005, 04:25 PM
Did the upgrade also upgrade PHP? I would really like to keep my PHP 4.3.11 and MySQL 4.0.25 if possible.

I'm using WHM/cPanel.

Thanks
BornOnline
10-24-2005, 08:52 PM
I did not upgrade PHP yet. Still on 4.3.11. Just checkout apache update in WHM and click "Load Previous Config". You can select whatever PHP version you want.
mikeinzoniland
10-24-2005, 09:30 PM
Thank you! I went ahead just a little while ago and updated apache via SSH with the /script/easyapache method, and saw where one could select the PHP version. So far eveything seems ok.

But next time I'll try it thru WHM like you said. :D
netrider
10-25-2005, 10:07 PM
I did not upgrade PHP yet. Still on 4.3.11. Just checkout apache update in WHM and click "Load Previous Config". You can select whatever PHP version you want.

Stuffed it for my VPS. Apache won't start after the update, and even support are unable to determine why and what's wrong. Have to restore from backups to get it working again :(
Izzy
10-26-2005, 12:15 AM
Thank you! I went ahead just a little while ago and updated apache via SSH with the /script/easyapache method, and saw where one could select the PHP version. So far eveything seems ok.

But next time I'll try it thru WHM like you said. :DApache Update in WHM is in fact a GUI frontend for the SSH /script/easyapache method. :)