Download Apache 2.0.49

The Apache HTTP Server Project recently released a new version of their Apache application. Here are three security vulnerabilities and a list of bugs fixed. The version number has arrived at 2.0.49 and has the following release notes:

The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.49 of the Apache HTTP Server (“Apache”). This Announcement notes the significant changes in 2.0.49 as compared to 2.0.48.

This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.49 addresses three security vulnerabilities:

• When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
  [CAN-2004-0174]
• Arbitrary client-supplied strings can be written to the error log which can allow exploits of certain terminal emulators.
  [CAN-2003-0020]
• A remotely triggered memory leak in mod_ssl can allow a denial of service attack due to excessive memory consumption.
  [CAN-2004-0113]

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.[break]The following downloads are currently available:
Unix source: tar.gz † tar.Z
Win32 Source
Win32 Installer