This update brings Apache to version 2.2.12.
The main reason is the enablement of the Server Name
Indication (SNI) that allows several SSL-enabled domains
on one IP address (FATE#311973). See the
SSLStrictSNIVHostCheck directive as documented in
/usr/share/apache2/manual/mod/mod_ssl.html.en
Also the patch for the ByteRange remote denial of service
attack (CVE-2011-3192) was refined and the configuration
options used by upstream were added.
Introduce new config option: Allow MaxRanges Number of
ranges requested, if exceeded, the complete content is
served. default: 200 0|unlimited: unlimited none: Range
headers are ignored. This option is a backport from 2.2.21.
Also fixed were
This update also includes a newer
apache2-vhost-ssl.template, which disables SSLv2, and
allows SSLv3 and strong ciphers only. Please note that
existing vhosts will not be converted.