This update fixes several security issues in the Apache2
webserver.
The severe ByteRange remote denial of service attack
(CVE-2011-3192) was fixed, configuration options used by
upstream were added.
Introduce new config option: Allow MaxRanges Number
of ranges requested, if exceeded, the complete content is
served. default: 200 0|unlimited: unlimited none: Range
headers are ignored. This option is a backport from 2.2.21.
CVE-2011-0419,CVE-2011-1928: Two fnmatch denial of
service attacks were fixed that could exhaust the servers
memory.
CVE-2010-1623: Another memoryleak was fixed that
could exhaust httpd server memory via unspecified methods.
CVE-2011-3368: This update also includes fixes a fix
for a mod_proxy reverse exposure via RewriteRule or
ProxyPassMatch directives.