Apache HTTP server project reports:
The following potential security flaws are addressed:
- CVE-2007-3847: mod_proxy: Prevent reading past the end of a
buffer when parsing date-related headers.
- CVE-2007-1863: mod_cache: Prevent a segmentation fault if
attributes are listed in a Cache-Control header without any
value.
- CVE-2007-3304: prefork, worker, event MPMs: Ensure that the
parent process cannot be forced to kill processes outside its
process group.
- CVE-2006-5752: mod_status: Fix a possible XSS attack against
a site with a public server-status page and ExtendedStatus
enabled, for browsers which perform charset "detection".
Reported by Stefan Esser.
- CVE-2006-1862: mod_mem_cache: Copy headers into longer lived
storage; header names and values could previously point to
cleaned up storage.