 |
Fix list for IBM HTTP Server version 6.1
|
| | | Abstract | | IBM HTTP Server provides periodic fixes for release 6.1. The following is a complete listing of fixes for Version 6.1 with the most recent fix at the top. | | | | | | | | Content |
Note: There is no Fix Pack 1 or Fix Pack 4 delivered for IBM HTTP Server. Fix Pack 2 is the first maintenance Fix Pack delivered for IBM HTTP Server V6.1, then odd numbered Fix Packs going forward.
|
Fix release date: 21 September 2009
Last modified: 21 September 2009
Status: Recommended
 Download Fix Pack 27 | |
| APAR | Description | | PK79583 | mod_ldap retrys only once, without delay, when ldap_bind fails | | PK84656 | Slow memory leak in rotatelogs | | PK86338 | mod_mem_cache slow memory leak | | PK86513 | mod_ibm_ssl session ID cache daemon (SIDD) started twice in error at HTTP Server startup | | PK87590 | %{SERVER_PORT} variable incorrectly resolves to '80' when SSL issued but no port number is provided on the ServerName directive | | PK88341 | CVE-2009-0023 : Underflow in apr_strmatch_precompile &
CVE-2009-1956 : apr_brigade_vprintf off-by-one overflow vulnerability | | PK88342 | apr_xml_* interface vulnerability |
Note: IBM HTTP Server 6.1.0.27 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
| APAR | Description | | PK77458 | Cached responses contain incorrect Content-Type and Content-Encoding headers on IBM HTTP Server | | PK77969 | New log messages to explain the HTTP 403 error when PATH_MAX is exceeded | | PK78007 | When an SSL request arrives shortly after an IHS restart, a SSL0600S error is logged | | PK78073 | Can't configure mod_charset_lite to translate only mod_autoindex output | | PK78128 | Set-Cookie and Set-Cookie2 headers not preserved on 304 responses | | PK78333 | Translate 100-Continue responses to ASCII | | PK79915 | Slow memory leak on z/OS when IBM HTTP Server is configured to request client SSL Certificates | | PK81016 | mod_proxy_ftp cannot serve files with wildcards in their names | | PK84899 | Failure and crash in IHS Administration Server during stop operation |
Note: IBM HTTP Server 6.1.0.25 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
|
Fix release date: 16 March 2009
Last modified: 16 March 2009
Status: Superseded
 Download Fix Pack 23 | |
| APAR | Description | | PK72236 | mod_charset_lite suppresses some browser error messages | | PK74791 | SSL0267E doesn't distinguish between timeouts establishing and completing the SSL handshake | | PK75671 | When an invalid Expect header is received, IBM HTTP Server does not respond until timeout value has occured | | PK75858 | The IBM HTTP Server parent process crashes while restarting piped logger if all file descriptors are exhausted | | PK76105 | The directive 'CoreDumpDirectory' used to specify the location for locating core dumps was ignored for parent process crashes | | PK76363 | Improve mod_mpmstats logging in IHS 6.X to display hanging modules in post_read_request hook |
Note: IBM HTTP Server 6.1.0.23 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
|
Fix release date: 01 December 2008
Last modified: 01 December 2008
Status: Superseded
 Download Fix Pack 21 | |
| APAR | Description | | PK68182 | postinst returns an error when conf files are not present during service pack install | | PK68392 | If a piped logger such as rotatelogs fails, a handle is leaked. On Windows, IBM HTTP Server is unable to restart the piped logger. | | PK68688 | mod_proxy_connect may timeout when it processes incoming SSL requests where the SSL record length is between 8 and 16 kilobytes. | | PK69212 | 'SSLClientAuth required' directive triggers HTTP access control without notification to browser at SSL layer | | PK70028 | mod_cgid tokenizing ISINDEX queries incorrectly resulting in NULL command line arguments not being passed to CGI scripts | | PK70197 | CVE-2008-2939 mod_proxy_ftp unescaped wildcard |
Note: IBM HTTP Server 6.1.0.21 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
|
Fix release date: 15 September 2008
Last modified: 15 September 2008
Status: Superseded
 Download Fix Pack 19 | |
| APAR | Description | | PK61608 | HTTP client certificate revocation status performance enhancement | | PK64089 | Access log displays incorrect timezone offset | | PK64092 | SSL0409I is sometimes logged when an SSL client disconnects | | PK66154 | mod_cgid socket permissions problem & sidd socket permissions problem | | PK66755 | IBM HTTP Server mod_rewrite RewriteMap directive can result in high CPU usage when thousands of strings are passed as keys | | PK66924 | IBM HTTP Server does not correctly handle orphaned rotatelogs processes for the Windows operating system | | PK67579 | CVE-2008-2364 HTTP proxy potential denial of service when proxying to untrusted servers | | PK67658 | Recursive error document problem |
Note: IBM HTTP Server 6.1.0.19 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
| APAR | Description | | PK57549 | Upgrade GSKit to 7.0.4.14 | | PK58884 | IBM HTTP Server compression; AddOutputFilterByType directive did not apply to proxy requests | | PK59667 | CVE-2007-6388 mod_status cross-site scripting vulnerability | | PK61452 | Server Side Includes under mod_include are unreliable with output filters | | PK62242 | Incorrect error handling in IBM HTTP Server when SIDD is not found under server root |
Note: IBM HTTP Server 6.1.0.17 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.
|
Fix release date: 10 March 2008
Last modified: 10 March 2008
Status: Superseded
 Download Fix Pack 15 | |
| APAR | Description | | PK58024 | CVE-2007-5000 mod_imap cross-site scripting vulnerability | | PK57952 | Input method not escaped in default 413 error response | | PK57680 | High CPU loop in mod_ibm_ssl when poll returns unexpected events | | PK58184 | rotatelogs ignores -l option when rotating files based on size | | PK52726 | Allow Certificate Revocation List support to be used on HP-UX |
Note: IBM HTTP Server 6.1.0.15 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.61.
|
Fix release date: 21 November 2007
Last modified: 21 November 2007
Status: Superseded
 Download Fix Pack 13 | |
| APAR | Description | | PK48412 | IBM HTTP Server logs bad date when certificate has expired | | PK48505 | mod_deflate changed HTTP status to 500 for some errors | | PK49295 | CVE-2006-5752 mod_status cross-site scripting vulnerability | | PK49355 | CVE-2007-1863 mod_cache crash with malicious request | | PK50460 | mod_deflate does not work with vary headers | | PK50467 | CVE-2007-3304 MPM signalling vulnerability | | PK50469 | CVE-2007-3847 proxy buffer over-read vulnerability | | PK50274 | ikeyman could not create CMS key database when installed from 64-bit supplements CD |
Note: IBM HTTP Server 6.1.0.13 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.61.
|
Fix release date: 07 September 2007
Last modified: 07 September 2007
Status: Superseded
 Download Fix Pack 11 | |
| APAR | Description | | PK48606 | mod_ibm_ssl fails to load at run-time on RHEL 5 | | PK45277 | Segmentation fault occurs when pidfile does not exist on Web server start | | PK44274 | ProxyErrorOverride should not affect redirects | | PK45296 | mod_ibm_ldap possible crash from uninitialized memory | | PK45328 | Single DES is no longer an approved FIPS-140 security function |
|
Fix release date: 15 June 2007
Last modified: 15 June 2007
Status: Superseded
 Download Fix Pack 9 | |
| APAR | Description | | PK39018 | Restart SIDD if it exits or crashes unexpectedly | | PK38839 | Allow collection of coredumps and other serviceability data for SIGFPE crashes | | PK37731 | No client certificate prompt occurred with multiple SSL vhosts configured | | PK37809 | Empty response was sent for cached static files after revalidation timeout | | PK46546 | install_ihs command may not work for symbolic links |
|
Fix release date: 5 April 2007
Last modified: 5 April 2007
Status: Superseded
 Download Fix Pack 7 | |
| APAR | Description | | PK33253 | SSL virtualhosts unable to perform SSLV3 handshake when keyfile directive has been specified with an invalid parameter | | PK34981 | The IBM HTTP Server administrative console incorrectly reports the stop/start status of the IBM HTTP Server | | PK35675 | mod_mem_cache crashes when used with client certificate authentication | | PK33959 | IBM HTTP Server service pack updates do not put correct reference values of customer's IBM HTTP Server install |
|
Fix release date: 15 January 2007
Last modified: 15 January 2007
Status: Superseded
 Download Fix Pack 5 | |
| APAR | Description | | PK31460 | Observed strange browser behavior when receiving an HTTP 302 response over SSL through the reverse proxy | | PK33959 | IBM HTTP Server service pack updates don't put correct reference values of customer's IBM HTTP Server install | | PK34180 | Fix incorrect 304 responses for expired cache objects |
|
Fix release date: 17 November 2006
Last modified: 17 November 2006
Status: Superseded
 Download Fix Pack 3 | |
| APAR | Description | | PK28348 | There is a bug in the handling of cgid directives inside VirtualHosts when using ScriptSock directive | | PK28359 | Message "SSL0227E: SSL Handshake failed, specified label could not be found in the key file" occurs using n-cipher card | | PK29154 | CVE-2006-3747 mod_rewrite error | | PK30837 | MOD_IBM_LDAP problems when enabled in .htaccess files |
|
Fix release date: 18 September 2006
Last modified: 18 September 2006
Status: Superseded
 Download Fix Pack 2 | |
| APAR | Description | | PK21998 | Provide directive for disabling individual SSL protocol | | PK22995 | Excessive child process creation during startup | | PK24631 | CVE-2006-3918 HTTP expect header value can be echoed to browser unescaped | | PK24686 | CGI on UNIX and Linux cannot see path to script in ARG0 | | PK25428 | 6.0.x IBM HTTP Server Administration server periodically segfaults with _read_nocancel in /lib/tls/libpthread.so.0 |  | mod_cache: Fix inconsistent results from requests which are implemented as subrequests. | | Allow diagnostic modules to track activity in log-transaction hook | | | | | | | | Cross Reference information | | Segment | Product | Component | Platform | Version | Edition | | Application Servers | WebSphere Application Server | IBM HTTP Server | AIX, HP-UX, Linux, Solaris, Windows | 6.1.0.9, 6.1.0.7, 6.1.0.5, 6.1.0.3, 6.1.0.2, 6.1 | Base, Express, Network Deployment |
| | |
|
|
| IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml. |
|
|
|
|
| Please take a moment to complete this form to help us better serve you. |
|
 |
|
|
|
|
|
|
| Product categories: |
|
| | Software | |
| | Application Servers | |
| | Distributed Application & Web Servers | |
| | IBM HTTP Server | |
|
| Operating system(s): |
| |
AIX, HP-UX, Linux, Solaris, Windows
|
|
| Software version: |
| |
6.1, 6.1.0.2, 6.1.0.3, 6.1.0.5, 6.1.0.7, 6.1.0.9, 6.1.0.11, 6.1.0.13, 6.1.0.15, 6.1.0.17, 6.1.0.19, 6.1.0.21, 6.1.0.23, 6.1.0.25, 6.1.0.27
|
|
| Reference #: |
| |
7008517
|
|
| IBM Group: |
| | Software Group |
|
| Modified date: |
| | 2009-09-21 |
|
|
