Product documentation
Abstract
IBM HTTP Server provides periodic fixes for release 8.5. The following is a complete listing of fixes for Version 8.5 with the most recent fix at the top.
Content
| Back to all versions |
|
|
Fix Pack 2 (8.5.0.2) |
|
|
Fix Pack 1 (8.5.0.1) |
| Fix release date: 15 April 2013 Last modified: 15 April 2013 Status: Recommended |
|
| APAR | Description |
| PM76110 | CVE-2012-4557: mod_proxy_ajp incorrectly marks backend WAS CE server down |
| PM80058 | CVE-2012-3499/CVE-2012-4558: Potential exposure in several IBM HTTP Server optional modules http://xforce.iss.net/xforce/xfdb/82359 http://xforce.iss.net/xforce/xfdb/82360 |
| PM68347 | Z/OS IHS config for versions prior to 8.5 may not migrate as expected to 8.5 |
| PM69188 | Installation of IBM HTTP Server V8.5 completes with a warning. Failure occurs because the system's hostname is not set. |
| PM70591 | IHS on Microsoft Windows startup failure with SSLv3Timeout or SSLv2Timeout in vhost: 'master_main: create child process failed.' |
| PM70994 | SSLFakeBasicAuth depends on LoadModule order |
| PM71102 | <Location> settings don't affect some mod_negotiation generated content |
| PM73304 | Add mod_ssl's SSLProxyCheckPeerCN to IBM HTTP Server |
| PM75876 | The 'Header' directive can't set a header only if the header is absent, even when using 'EDIT' mode or relying on other modules. |
| PM77980 | IBM HTTP Server should not add the Server: header by default |
| PM78087 | IBM HTTP Server high memory use when many hundreds of RewriteCond %{REQUEST_URI} |
| PM78144 | IBM HTTP Server large logformats cannot be correctly logged by piped loggers |
| PM78434 | Provide end-to-end timeouts for SSL handshakes |
| PM79015 | mod_disk_cache on Windows gives error: '(OS 5) Access is denied: disk_cache: Rename tempfile to datafile failed' |
| PM80235 | NIST SP800-131a support for IBM HTTP Server |
| PM80260 | apr_pollset_add failure -errno2=0X11780494, or growing CPU usage on the listener thread in IHS child processes (z/OS only) |
Note: IBM HTTP Server 8.5.0.2 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.24.
| Fix release date: 29 October 2012 Last modified: 29 October 2012 Status: Superseded |
|
| APAR | Description |
| PM66218 | Upgrade bundled GSKit security library http://www-01.ibm.com/support/docview.wss?&uid=swg21614265 |
| PM66470 | CVE-2012-2687: mod_negotiation - potential information disclosure on compromised site. |
| PM72915 | TLS compression should be disabled by default in IBM HTTP Server http://www-01.ibm.com/support/docview.wss?uid=swg21611881 |
| PM62011 | mod_log_config: The wrong cookie can be logged |
| PM63634 | admin.passwd file was reset after installing fixpack |
| PM68007 | Non-root IBM HTTP Server install fails if primary group has no name |
| PM71612 | Additional non-serviceable files added for IBM HTTP Server |
Note: IBM HTTP Server 8.5.0.1 contains all applicable security fixes in Apache HTTP Server versions up through 2.2.23.
Rate this page:
Average rating
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.