Apache 2.4.10 released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.10 of the Apache HTTP Server (“Apache”). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This release of Apache is principally a security, feature and bug fix release.

We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

The Apache Software Foundation: http://www.apache.org/dist/httpd/Announcement2.4.html

See also: http://news.sixgun.org/2014/07/21/apache-vulnerabilities/

Red Hat has updates for RHEL 5,6 and 7 (the RHEL 5 update seems to be a backport). Fedora has updated packages in the pipeline. Debian stable uses Apache 2.2.22 which probably isn’t vulnerable. Ubuntu hasn’t reacted at the time of writing.

Heise: http://www.heise.de/security/meldung/Arbeit-fuer-Admins-Apache-2-4-10-stopft-Sicherheitsluecken-2265619.html