Apache HTTP Server 2.2.17 and 2.0.64: Released

Users of Apache HTTP Server please be advised of new versions released that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Apache-SA-10/19/2010: Apache HTTP Server 2.2.17 and 2.0.64 Released
The Apache Software Foundation and the Apache HTTP Server Project are

pleased to announce the release of version 2.2.17 of the Apache HTTP

Server (“Apache”). This version of Apache is principally a bug fix

release, and a security fix release of the APR-util 1.3.10 dependency;
* SECURITY: CVE-2010-1623 (cve.mitre.org)

Fix a denial of service attack against apr_brigade_split_line().

* SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org)

Fix two buffer over-read flaws in the bundled copy of expat which

could cause httpd to crash while parsing specially-crafted

XML documents.

We consider this release to be the best version of Apache available, and

encourage users of all prior versions to upgrade.

Read more at http://www.criticalwatch.com