The Apache team have released a security update to the popular webserver. This version of Apache is principally a bug fix release, and a security fix release of the APR 1.4.4 dependency; I would advise you to upgrade your server accordingly. I’ve tested and updated all my servers without any problem. Read all about the changes and bugs fixed in the 2.2.18 changelog.
- SECURITY: CVE-2011-0419 (cve.mitre.org) apr_fnmatch flaw leads to mod_autoindex remote DoS. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a carefully crafted request may cause excessive CPU usage. Upgrading to APR 1.4.4, or setting the ‘IgnoreClient’ option of the ‘IndexOptions’ directive circumvents this risk.
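One way to check a configuration for the `IgnoreClient` mitigation named in the changelog entry above. This is an added example, not code from the Apache project or from this post. The function names and the sample configuration are made up for illustration, and the model is simplified: it reads a single file, treats every `IndexOptions` outside a `<Directory>` block as server-level, and does not follow `Include`, `.htaccess` files, or inheritance between nested `<Directory>` blocks.

```python
import re
from functools import reduce
def apply_index_options(current, tokens):
    """Apply one IndexOptions directive to a set of option names (simplified merge)."""
    opts, reset = set(current), False
    for tok in tokens:
        name = tok.lstrip("+-").split("=")[0].lower()
        if tok[0] == "-":
            opts.discard(name)
            continue
        if tok[0] != "+" and not reset:  # unprefixed keyword drops inherited settings
            opts, reset = set(), True
        opts.add(name)
    return opts

def dirs_missing_ignoreclient(conf_text):
    """Return <Directory> paths that enable Indexes without IgnoreClient in effect."""
    server, blocks, cur = [], [], None
    for line in filter(None, map(str.strip, conf_text.splitlines())):
        opened = re.match(r"<Directory\s+(.+?)\s*>$", line, re.I)
        if opened:
            cur = {"path": opened.group(1).strip('"'), "indexes": False, "io": []}
        elif re.match(r"</Directory\s*>$", line, re.I):
            blocks.append(cur)
            cur = None
        else:
            name, *args = line.split()
            if name.lower() == "indexoptions":
                (server if cur is None else cur["io"]).append(args)
            elif name.lower() == "options" and cur is not None:
                flags = {a.lower().lstrip("+") for a in args}
                if flags & {"indexes", "all", "-indexes", "none"}:
                    cur["indexes"] = bool(flags & {"indexes", "all"})
    base = reduce(apply_index_options, server, set())
    return [b["path"] for b in blocks if b and b["indexes"]
            and "ignoreclient" not in reduce(apply_index_options, b["io"], base)]

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """
<Directory "/srv/www/downloads">
    Options Indexes FollowSymLinks
    IndexOptions FancyIndexing
</Directory>
<Directory "/srv/www/mirror">
    Options +Indexes
    IndexOptions +IgnoreClient
</Directory>
"""
print(dirs_missing_ignoreclient(SAMPLE_CONF))
```

Directories it reports still rely on the APR 1.4.4 upgrade for protection; adding `IndexOptions +IgnoreClient` to them applies the changelog's alternative.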
If you’ve forgotten how to upgrade your Apache installation in the least painful way, with the possibility of going back if something goes wrong: Upgrading Apache