cd /usr/local/directadmin/customapache
wget http://apache.mirrors.pair.com/httpd/apache_1.3.35.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.26-1.3.35.tar.gz
change the versions in build
./build clean
./build apache_mod_ssl
service httpd restart
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>. [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
wget http://apache.mirrors.pair.com/httpd/apache_1.3.35.tar.gz
wget http://www.modssl.org/source/mod_ssl-2.8.26-1.3.35.tar.gz
change the versions in build
./build clean
./build apache_mod_ssl
service httpd restart
Changes with Apache 1.3.35
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) core: Allow usage of the "Include" configuration directive within
previously "Include"d files. [Colm MacCarthaigh]
*) HTML-escape the Expect error message. Not classed as security as
an attacker has no way to influence the Expect header a victim will
send to a target site. Reported by Thiago Zaninotti
<thiango nstalker.com>. [Mark Cox]
*) mod_cgi: Remove block on OPTIONS method so that scripts can
respond to OPTIONS directly rather than via server default.
[Roy Fielding] PR 15242
Last edited: