The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards.
Three vulnerabilities were found:
No special privileges are required for these vulnerabilities. As a result, all users are recommended to upgrade their Apache installations.
There is no immediate workaround; a software upgrade is required. There is no workaround for the mod_disk_cache issue; users are recommended to disable the feature on their servers until a patched version is released.
Users are urged to upgrade to Apache 2.0.49:
# emerge sync # emerge -pv ">=www-servers/apache-2.0.49" # emerge ">=www-servers/apache-2.0.49" # ** IMPORTANT ** # If you are migrating from Apache 2.0.48-r1 or earlier versions, # it is important that the following directories are removed. # The following commands should cause no data loss since these # are symbolic links. # rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules # rm /etc/apache2/modules # ** ** ** ** ** # ** ALSO NOTE ** # Users who use mod_disk_cache should edit their Apache # configuration and disable mod_disk_cache.