04/10/26 20:04:51 ck5jLJ0G
> Mon Oct 25 16:35:04 PDT 2004
> n/apache-1.3.32-i486-1.tgz: Upgraded to apache-1.3.32.
> This addresses a heap-based buffer overflow in mod_proxy by
> rejecting responses from a remote server with a negative
> Content-Length. The flaw could crash the Apache child process,
> or possibly allow code to be executed as the Apache user (but
> only if mod_proxy is actually in use on the server).
> For more details, see:
> URLリンク(cve.mitre.org)
> (* Security fix *)
> n/mod_ssl-2.8.21_1.3.32-i486-1.tgz: Upgraded to mod_ssl-2.8.21-1.3.32.
> Don't allow clients to bypass cipher requirements, possibly negotiating
> a connection that the server does not consider secure enough.
> For more details, see:
> URLリンク(cve.mitre.org)
> (* Security fix *)