The Apache team have released a security update to the popular web server. This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; I would advise you to upgrade your server accordingly. I’ve tested and updated all my servers without any problem. Read all about the changes and bugs fixed in the 2.2.17 changelog. The security fixes are:
- SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line().
- SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents.
If you’ve forgotten how to upgrade your Apache installation in the least painful way, with the possibility of going back if something goes wrong, see: Upgrading Apache