[Bug 392759] Re: [FFE] apache2 DoS attack using slowloris

Launchpad Bug Tracker 392759 at bugs.launchpad.net
Tue Apr 13 14:15:09 BST 2010


This bug was fixed in the package apache2 - 2.2.14-5ubuntu7

---------------
apache2 (2.2.14-5ubuntu7) lucid; urgency=low

  * debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
    leaks by making sure to not destroy bucket brigades that have been created
    by earlier filters. Backported from 2.2.15.
  * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
    has reached MaxClients until it has. Backported from 2.2.15
  * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf
    more secure by adding Satisfy all. (Debian bug: #572075)
  * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
    debian/config2-dir/mods-available/reqtimeout.load,
    debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
    mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
    bug in apache. Enable it by default. (LP: #392759)
 -- Chuck Short <zulcss at ubuntu.com>   Mon, 05 Apr 2010 09:53:35 -0400

** Changed in: apache2 (Ubuntu Lucid)
       Status: Triaged => Fix Released

-- 
[FFE] apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.



More information about the Ubuntu-server-bugs mailing list