<font size=2 face="sans-serif">Two vulnerabilities were reported by the
Apache Software Foundation in the last week. Below are links to the details
on each vulnerability. </font>
<br><font size=2 face="sans-serif">Tomcat Authentication bypass - </font><a href="http://mail-archives.apache.org/mod_mbox/www-announce/201108.mbox/%3C4E5BEDE0.8010604@apache.org%3E"><font size=2 color=blue face="sans-serif">CVE-2011-3190</font></a>
<br><font size=2 face="sans-serif">Apache Dos issue - </font><a href="http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E"><font size=2 color=blue face="sans-serif">CVE-2011-3192</font></a><font size=2 face="sans-serif">
</font>
<br>
<br><font size=2 face="sans-serif">The fix looks to be in Apache 2.2.20.</font>
<br><a href=http://httpd.apache.org/><font size=2 face="sans-serif">http://httpd.apache.org/</font></a>
<br>
<br><font size=2 face="sans-serif">Or possibly a workaround.</font>
<br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=732928"><font size=2 face="sans-serif">https://bugzilla.redhat.com/show_bug.cgi?id=732928</font></a>
<br>
<br>
<br><font size=2 face="sans-serif">We're currently using Apache 2.2.3 on
our Lon-Capa servers. Since the vulnerability is fixed in 2.2.20
(2.2.twenty), I'm thinking we need to run a yum update. Has anyone
else done this in the past week, or tried the workaround? If so,
have you had any issues? Does anyone have any suggestions about whether
or not we should update Apache to 2.2.20?</font>
<br>
<br><font size=2 face="sans-serif">Thanks!</font>
<p><font size=2 color=#008080 face="Papyrus"><b>Jana Avery</b></font><font size=2 face="Calibri"><br>
Learning Systems, Technology Services<br>
Virginia Commonwealth University<br>
<br>
</font><font size=2 color=#008080 face="Calibri"><b><i><br>
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social security
number or confidential personal information. For more details visit
</i></b></font><a href=http://infosecurity.vcu.edu/phishing.html><font size=2 color=blue face="Calibri"><i>http://infosecurity.vcu.edu/phishing.html</i></font></a><font size=2 color=blue face="Calibri"><i>.</i></font>
<p><font size=2 face="Arial"> </font>