si
Administrator
Apache 1.3.29 Released
http://www.apache.org/dist/httpd/Announcement.html
Apache 1.3.29 Major changes
Security vulnerabilities
The main security vulnerabilities addressed in 1.3.29 are:
CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.
New features
New features that relate to specific platforms:
Enabled RFC1413 ident functionality for both Win32 and NetWare platforms. This also included an alternate thread safe implementation of the socket timout functionality when querying the identd daemon.
Bugs fixed
The following bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29:
Within ap_bclose(), ap_pclosesocket() is now called consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistenly to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. PR 22805.
Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661.
Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap. PR 21737.
http://www.apache.org/dist/httpd/Announcement.html
Apache 1.3.29 Major changes
Security vulnerabilities
The main security vulnerabilities addressed in 1.3.29 are:
CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.
New features
New features that relate to specific platforms:
Enabled RFC1413 ident functionality for both Win32 and NetWare platforms. This also included an alternate thread safe implementation of the socket timout functionality when querying the identd daemon.
Bugs fixed
The following bugs were found in Apache 1.3.28 (or earlier) and have been fixed in Apache 1.3.29:
Within ap_bclose(), ap_pclosesocket() is now called consistently for sockets and ap_pclosef() for files. Also, closesocket() is used consistenly to close socket fd's. The previous confusion between socket and file fd's would cause problems with some applications now that we proactively close fd's to prevent leakage. PR 22805.
Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661.
Prevent creation of subprocess Zombies when using CGI wrappers such as suEXEC and cgiwrap. PR 21737.