The Apache Software Foundation this week updated its popular open source Apache HTTP server.
Apache HTTP Server 2.2.14 fixes three security vulnerabilities which could potentially have left users at risk, albeit a small risk.
One of the fixes is for a NULL pointer dereference in the mod_proxy_ftp module. The flaw potentially could have enabled an attacked to trigger a denial of service (DoS) attack via an Apache powered FTP server. NULL pointer errors are common in software development. According to a recent Coverity study, NULL pointer errors have remained the most common type of coding error in open source software over the past three years.
There is also a security fix specific to the Solaris build of Apache, fixing a flaw that could cause the server to reset.
Apache included numerous other (non-security) bug fixes making Apache 2.2.14 more stable.
As part of the update, Apache is not currently updating it's older Apache 2.0.x and Apache 1.3.x web servers. The last releases for those legacy web servers came in January of 2008.
See the complete list of changes, here
Article courtesy of InternetNews.com