Am 31.08.2011 19:31, schrieb Paul W. Frields:
On Wed, Aug 31, 2011 at 05:39:14PM +0200, Reindl Harald wrote:
> this update should be really fast pushed out
>
> the demo-exploit brings down a 4x2.50GHz machine with 8 GB
> RAM in some seconds without having the known workarounds
> or explicit mod_security-Rules in front
>
> -------- Original-Nachricht --------
> Betreff: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released
> Datum: Wed, 31 Aug 2011 07:21:33 -0400
> Von: Jim Jagielski <jim(a)jaguNET.com>
> Antwort an: dev(a)httpd.apache.org
> An: dev(a)httpd.apache.org
>
> Apache HTTP Server 2.2.20 Released
[...snip...]
The security bug is already being tracked:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192
I'd expect a new package to be issued shortly. Once that happens, if
you want to contribute to pushing this out, be ready to test the fixed
package and add karma. The process works when people participate
we are in production with > 20 servers on F14 since some hours
own packages with optimized build-flags based on the Fedora-SPEC-File