Download Apache 1.3.29
The folks behind Apache have released a new version of the HTTP server. The 1.3.29 update hits the bug from the code that makes mod_alias and mod_rewrite prone to a buffer overflow. In addition, three other bugs have been fixed and a new feature added. The changelog looks like this:
Apache 1.3.29 Major changes
- Security vulnerabilities
- CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.
- Enabled RFC1413 ident functionality for both Win32 and NetWare platforms. This also included an alternate thread safe implementation of the socket timout functionality when querying the identd daemon.
- Within ap_bclose(), ap_pclosesocket() is now called consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistently to fd’s close socket. The previous confusion between socket and file fd’s would cause problems with some applications now that we proactively close fd’s to prevent leakage. PR 22805.
- Fixed mod_usertrack to not get false positive matches on the user-tracking cookie’s name. PR 16661.
- Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap. PR 21737.
The main security vulnerabilities addressed in 1.3.29 are:
New features
New features that relate to specific platforms:
Bug fixed
The following bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29:
[break]Apache 1.3.29 is available for the following operating systems:
MacOS X Darwin
MacOS X
Novell Netware
Windows 9x/Me/2k/XP
Linux x86
| Version number | 1.3.29 |
| Operating systems | Windows 9x, Windows NT, Windows 2000, Windows XP, Linux x86, Mac OS Classic, macOS |
| Website | Apache.org |
| Download | |
| File size |
8.99MB |
| License type | GPL |