This bug was fixed in the package apache2 - 2.2.14-5ubuntu7 --------------- apache2 (2.2.14-5ubuntu7) lucid; urgency=low
* debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory leaks by making sure to not destroy bucket brigades that have been created by earlier filters. Backported from 2.2.15. * debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server has reached MaxClients until it has. Backported from 2.2.15 * debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in apache2.conf more secure by adding Satisfy all. (Debian bug: #572075) * debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch, debian/config2-dir/mods-available/reqtimeout.load, debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris bug in apache. Enable it by default. (LP: #392759) -- Chuck Short <zul...@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400 ** Changed in: apache2 (Ubuntu Lucid) Status: Triaged => Fix Released -- [FFE] apache2 DoS attack using slowloris https://bugs.launchpad.net/bugs/392759 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs