[mpm-itk] mpm-itk version 2.2.17-01 released
Steinar H. Gunderson
sgunderson at bigfoot.com
Mon Mar 21 21:46:11 CET 2011
I've just released mpm-itk 2.2.17-01. This is a maintenance release with no
new features, but a few important bugfixes, in particular for CVE-2011-1176.
The changelog reads:
apache2.2-mpm-itk 2.2.17-01, released 2011-03-21:
* Fixed CVE-2011-1176: If NiceValue was set, the default with no
AssignUserID was to run as root:root instead of the default Apache user
and group, due to the configuration merger having an incorrect default
* Rebase against Apache 2.2.17.
* Fix an issue where users can sometimes get spurious 403s on persistent
connections, if the .htaccess files are not world readable.
* In the config merger, don't reallocate the username, since it's already
in the correct pool. (This is not a memory leak, only a small inefficiency.)
Everybody is recommended to upgrade, in particular because of the
CVE-2011-1176 bugfix. (If you want the smallest change possible, the email
about the bug included a minimal diff that do not include the other changes.)
The patch itself is as always available from http://mpm-itk.sesse.net/ .
/* Steinar */
More information about the mpm-itk