Slackware-12.1 ChangeLog (2011-09-04)
Sun Sep 4 02:17:37 UTC 2011
Packages
Upgraded
- patches/packages/httpd-2.2.20-i486-1_slack12.1.tgz
SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
(* Security fix *)