ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:
network security
system management
troubleshooting
performance tuning
virtualization
cloud computing
on Windows, Linux, Solaris, and popular varieties of Unix.
No less than five vulnerabilities were eradicated by the release of a new version of the Apache Web server.
Release 2.2.6 removes five partly critical security holes. Four of them are also closed by the latest 2.0 branch release, version 2.0.61. According to the Apache Foundation's release notes, vulnerabilities were removed in the "mod_proxy" and "mod_cache" modules. Attackers had previously been able to crash servers by targeted requests leading to a Denial-of-Service (DoS) attack.
A cross site scripting bug discovered by Stefan Esser – the initiator of the "Month of PHP Bugs" – is also a thing of the past. The fourth bug that affected both versions resulted in a DoS vulnerability in the Prefork-MPM module. The bug in the "mod_mem_cache" module only occurs in the 2.2 series. The vulnerability gave attackers the ability to read headers from prior connections in some circumstances.
The developers advise server administrators to switch to one of the new versions as soon as possible. The versions are available, as always, from the project's mirror servers. Besides fixing various vulnerabilities, the patches also include a number of bugfixes.
Get 3 Issues + 3 DVDs for the price of a single issue!
Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download.
Only available for a limited time. Don't miss out!
Comments