{"id":25,"date":"2008-02-04T16:43:50","date_gmt":"2008-02-04T09:43:50","guid":{"rendered":"http:\/\/blog.whplus.com\/2008\/02\/04\/upgrade-apache-php.html"},"modified":"2008-02-04T16:43:50","modified_gmt":"2008-02-04T09:43:50","slug":"upgrade-apache-php","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2008\/02\/04\/upgrade-apache-php.html","title":{"rendered":"Upgrade Apache & PHP"},"content":{"rendered":"

Saat ini kami telah mengupgrade Apache dan PHP di server machine04.
\nChanges with Apache 1.3.41<\/p>\n

*) SECURITY: CVE-2007-6388 (cve.mitre.org)
\nmod_status: Ensure refresh parameter is numeric to prevent
\na possible XSS attack caused by redirecting to other URLs.
\nReported by SecurityReason. [Mark Cox]<\/p>\n

Changes with Apache 1.3.40 (not released)<\/p>\n

*) SECURITY: CVE-2007-5000 (cve.mitre.org)
\nmod_imap: Fix cross-site scripting issue. Reported by JPCERT.
\n[Joe Orton]<\/p>\n

*) SECURITY: CVE-2007-3847 (cve.mitre.org)
\nmod_proxy: Prevent reading past the end of a buffer when parsing
\ndate-related headers. PR 41144.
\nWith Apache 1.3, the denial of service vulnerability applies only
\nto the Windows and NetWare platforms.
\n[Jeff Trawick]<\/p>\n

*) More efficient implementation of the CVE-2007-3304 PID table
\npatch. This fixes issues with excessive memory usage by the
\nparent process if long-running and with a high number of child
\nprocess forks during that timeframe. Also fixes bogus “Bad pid”
\nerrors. [Jim Jagielski, Jeff Trawick]<\/p>\n

Security Enhancements and Fixes in PHP 4.4.8:<\/strong><\/p>\n