Description of problem: The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.6 of the Apache HTTP Server ("Apache"). This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed: - CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. - CVE-2007-1863: mod_cache: Prevent a segmentation fault if attributes are listed in a Cache-Control header without any value. - CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. - CVE-2006-1862: mod_mem_cache: Copy headers into longer lived storage; header names and values could previously point to cleaned up storage. PR 41551. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Version-Release number of selected component (if applicable): httpd-2.2.4-10 Expected results: httpd-2.2.6-1 or newer... ;-)
Joe, a simple version bump did the trick for me.
2.2.6 is now in Raw Hide.