The Debian GNU/Linux project has issued a patch so its users can fix the denial of service vulnerability in the open source Apache httpd server that was announced by the Apache Software Foundation last week.
If you thought the hacks by Anonymous and AntiSec were bad, boy, are you in for a revelation. This past week brings news that the Apache Web server -- the one that powers the majority of the Internet and most websites -- has a vulnerability that can be exploited with relatively little effort.
The Apache Software Foundation (ASF) is one of the most important and influential players in the modern open-source software development community. The ASF is perhaps still best known for its eponymous Web server, the Apache HTTP Server project, commonly referred to as "Apache." - See more at: http://www.eweek.com/enterprise-apps....gFz2zH8t.dpuf
The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of nearly 150 Open Source projects and initiatives, today announced that Apache CloudStack has graduated from the Apache Incubator to become a Top-Level Project (TLP), signifying that the Project's community and products have been well-governed under the ASF's meritocratic process and principles.
The Apache Software Foundation is out with a pair of important updates to its namesake Apache HTTP Server. The new updates are the Apache 2.0.65 and Apache 2.2.25 releases. Of particular note is the fact that the Apache 2.0.65 release is the final release of the Apache 2.0.x line of HTTP server.
LinuxSecurity.com: A vulnerability has been found and corrected in krb5:
Use-after-free vulnerability in kadmin/server/server_stubs.c in
kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote
authenticated users to cause a denial of service (daemon crash) via a
Canonical published details in a security notice about an Apache XML Security for a Java vulnerability in its Ubuntu 10.04 LTS (Lucid Lynx) operating system. According to the company, Apache XML Security for Java could be tricked into validating spoofed signatures. It has been discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters.