27Oct

Apache 2.2.25 and PHP 5.3.27 Upgrade

October 27, 2013

This evening all Mr.Host web servers were upgraded to Apache 2.2.25 and PHP 5.3.27.

Apache 2.2.25

This version of Apache is principally a security and bug fix legacy release, including the following security fixes:

  • SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.
  • SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file.

PHP 5.3.27

  • Core:
    • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
    • Fixed bug #64960 (Segfault in gc_zval_possible_root).
    • Fixed bug #64934 (Apache2 TS crash with get_browser()).
    • Fixed bug #63186 (compile failure on netbsd).
  • DateTime:
    • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
  • PDO_firebird:
    • Fixed bug #64037 (Firebird return wrong value for numeric field).
    • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
  • PDO_pgsql:
    • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
  • pgsql:
    • Fixed bug #64609 (pg_convert enum type support).
  • SPL:
    • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
  • XML:
    • Fixed bug #65236 (heap corruption in xml parser).
Apache Upgrades, PHP Upgrades, Upgrades Questions? Contact Support
10Sep

Apache 2.2.20 Upgrade

September 10, 2011

This evening, all Mr.Host web servers were upgraded to Apache 2.2.20.

This version is principally a security (CVE-2011-3192) and bugfix release .

Changes with Apache 2.2.20

  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
  • mod_authnz_ldap: If the LDAP server returns constraint violation, don’t treat this as an error but as “auth denied”. [Stefan Fritsch]
  • mod_filter: Fix FilterProvider conditions of type “resp=” (response headers) for CGI. [Joe Orton, Rainer Jung]
  • mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch]
  • core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch]
Apache Upgrades, Maintenance, Upgrades Questions? Contact Support