This update fixes a remote denial of service bug (memory
exhaustion) in the Apache 2 HTTP server, that could be
triggered by remote attackers using multiple overlapping
Request Ranges. (CVE-2011-3192)
It also fixes some non-security bugs:
- take LimitRequestFieldsize config option into account
when parsing headers from backend. Thereby avoid that the
receiving buffers are too small. bnc#690734.
- add / when on a directory to feed correctly linked
listings. bnc#661597
- a2enmod shalt not disable a module in query mode.
bnc#663359
- New option SSLRenegBufferSize fixes "413 Request
Entity Too Large occur" problem.
- fixes graceful restart hangs, bnc#555098.