Apache HTTP Server 2.2.14 released for security

From the ‘No Worries It’s Apache‘ files:


The Apache Software Foundation is out this week with a new update to its popular open source Apache HTTP server.

Apache HTTP Server 2.2.14  fixes three security vulnerabilities which could potentially have left users at risk, albeit a small risk.

One of the fixes is for a NULL pointer dereference in the mod_proxy_ftp module.  The flaw potentially could have enabled an attacked to trigger a denial of service (DoS) attack via an Apache powered FTP server. NULL pointer errors are common in software development. According to a recent Coverity study, NULL pointer errors have remained the most common type of coding error in open source software over the past three years.

There is also a security fix specific to the Solaris build of Apache, fixing a flaw that could cause the server to reset.

Apache has included numerous other (non-security) bug fixes making Apache 2.2.14 more stable.

As part of the update, Apache is not currently updating it’s older Apache 2.0.x and Apache 1.3.x webservers. The last releases for those legacy webservers came in January of 2008.

News Around the Web