This bug was fixed in the package apache2 - 2.2.14-5ubuntu7
---------------
apache2 (2.2.14-5ubuntu7) lucid; urgency=low
* debian/patches/206-fix-potential-memory-leaks.dpatch: Fix potential memory
leaks by making sure to not destroy bucket brigades that have been created
by earlier filters. Backported from 2.2.15.
* debian/patches/206-report-max-client-mpm-worker.dpatch: Don't report server
has reached MaxClients until it has. Backported from 2.2.15
* debian/config-dir/apache2.conf: Make the Files ~ "^\.ht" block in
apache2.conf
more secure by adding Satisfy all. (Debian bug: #572075)
* debian/rules, debian/patches/209-backport-mod-reqtimeout.dpatch,
debian/config2-dir/mods-available/reqtimeout.load,
debian/config2-dir/mods-available/reqtimeout.conf debian/NEWS : Backport the
mod-reqtimeout module from 2.2.15, this will mitigate apache slowloris
bug in apache. Enable it by default. (LP: #392759)
-- Chuck Short <zul...@ubuntu.com> Mon, 05 Apr 2010 09:53:35 -0400
** Changed in: apache2 (Ubuntu Lucid)
Status: Triaged => Fix Released
--
[FFE] apache2 DoS attack using slowloris
https://bugs.launchpad.net/bugs/392759
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
