Software Update: Apache 1.3.27

While the latest Apache is already at version 2.0.43, the developers have nevertheless released version 1.3.27. Siebrand reported this to us. This version has been released for older modules that do not work under the 2.0 series. The full changelog can be found via this link. Below is an excerpt from this changelog:

Apache 1.3.27 Major changes
Security vulnerabilities

  • Fix the security vulnerability noted in CAN-2002-0839 (cve.mitre.org) regarding ownership permissions of System V shared memory based scoreboards. The fix resulted in the new ShmemUIDisUser directive.
  • Fix the security vulnerability noted in CAN-2002-0840 (cve.mitre.org) regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS.
  • Fix the security vulnerability noted in CAN-2002-0843 (cve.mitre.org) regarding some possible overflows in ab.c which could be exploited by a malicious server.

New features

  • The new ErrorHeader directive has been added.
  • Configuration file globbing can now use simple pattern matching.
  • The protocol version (eg: HTTP/1.1) in the request line parsing is now case insensitive.
  • ap_snprintf() can now distinguish between an output which was truncated, and an output which exactly filled the buffer.
  • Add ProtocolReqCheck directive, which determines if Apache will check for a valid protocol string in the request (eg: HTTP/1.1) and return HTTP_BAD_REQUEST if not valid. Versions of Apache prior to 1.3.26 would silently ignore bad protocol strings, but 1.3.26 included a more strict check. This makes it runtime configurable.
  • Added support for Berkeley-DB/4.x to mod_auth_db.
  • httpd -V will now also print out the compile time defined HARD_SERVER_LIMIT value.

New features that relate to specific platforms:

  • Support Caldera Open UNIX 8.
  • Use SysV semaphores by default on OpenBSD.
  • Implemented file locking in mod_rewrite for the NetWare CLib platform.

Bugs fixed

  • mod_proxy fixes:
      • The cache in mod_proxy was incorrectly updating the Content-Length value from 304 responses when doing validation.
      • Fix a problem in proxy where headers from other modules were added to the response headers when this was already done in the core.
  • In 1.3.26, a null or all blank Content-Length field would be triggered as an error; previous versions would silently ignore this and assume 0. 1.3.27 restores this previous behavior.
  • Win32: Fix one byte buffer overflow in ap_get_win32_interpreter when a CGI script's #! line does not contain a \r or \n (i.e. a line feed character) in the first 1023 bytes. The overflow is always a '\0' (string termination) character.
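
The off-by-one pattern behind the ap_get_win32_interpreter entry, as an added illustration (not Apache's source code): the function names and the 1024-byte buffer size are assumptions, the latter inferred from the 1023-byte figure in the changelog. The flawed scan only computes the index where the terminator would land, so nothing is actually written out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024u /* assumed: 1023 bytes read from the script + 1 terminator */

/* Flawed scan: bounded by the whole buffer. With no CR/LF it returns BUF_SIZE,
 * so a following buf[i] = '\0' would land one byte past the end. */
static size_t flawed_terminator_index(const char *buf)
{
    size_t i;
    for (i = 2; i < BUF_SIZE; i++)
        if (buf[i] == '\r' || buf[i] == '\n')
            break;
    return i;
}

/* Hardened scan: stops at the last valid slot, so the terminator stays inside. */
static size_t bounded_terminator_index(const char *buf)
{
    size_t i;
    for (i = 2; i < BUF_SIZE - 1; i++)
        if (buf[i] == '\r' || buf[i] == '\n')
            break;
    return i;
}

/* Terminates the "#!" line in place; returns the interpreter path or NULL. */
static const char *shebang_interpreter(char *buf)
{
    if (buf[0] != '#' || buf[1] != '!')
        return NULL;
    buf[bounded_terminator_index(buf)] = '\0';
    return buf + 2;
}

/* Constructed input: a "#!" line that fills the buffer with no line ending. */
static void fill_no_newline(char *buf)
{
    memset(buf, 'A', BUF_SIZE);
    buf[0] = '#'; buf[1] = '!';
}

int main(void)
{
    char buf[BUF_SIZE];
    fill_no_newline(buf);
    printf("flawed=%zu bounded=%zu size=%u\n", flawed_terminator_index(buf), bounded_terminator_index(buf), BUF_SIZE);
    return 0;
}
```
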

Version number: 1.3.27
Operating systems: Windows 9x, Windows NT, Windows 2000, Linux, BSD, Windows XP, Linux x86, Solaris, UNIX
Website: Apache
Download
License type: Conditions (GNU/BSD/etc.)