HP-UX 11i December 2003 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

111

112

113

114

115

116

117

118

119

120

HP-UX 11i Version 1.0 Operating Environment Applications

HP-UX 11i Foundation Operating Environment

Chapter 6

114

appropriate port (i.e., for Webmin on port 10000, the URL should be:

http://yourserver.com:10000/hp_docs). See /opt/hpws/README for more

information about getting started with each component.

The latest information can also be found on the product web site:

http://www.hp.com/go/webserver

HP-UX Apache-based Web Server

HP-UX Apache-based Web Server combines Apache with numerous popular modules

from other Open Source projects and provides HP value-added features for the HP-UX

platform:

• Scripting capabilities: PHP, mod_perl, CGI

• Content management: WebDAV

• Security: authentication through an LDAP server, Chrooted environment, SSL and

TLS support

updated for

September 2003

HP-UX Apache-based Web Server v.1.0.06.01 is primarily a security and bug-fix release

which addresses the following vulnerabilities and problems:

• Apache upgraded to 2.0.46, which addresses and fixes these security vulnerabilities

described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0189

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0245

• mod_perl upgraded to 1.99_09: mod_perl has been upgraded in conjunction with

the Apache upgrade. Apache 2.0.46 and mod_perl 1.99_09 both depend on APR

version 0.9.4 (which is incorporated into Apache).

• Resolved problem causing mod_cgid with Chroot to fail.

• Corrected message, “unclean shutdown of previous Apache run,” generated during a

subsequent startup of Apache with Chroot turned on.

Plus enhancements from v1.0.05.01:

• mod_auth_ldap and its caching module, mod_ldap, have been added to provide

authentication to an LDAP directory. These are new modules from the Apache

Software Foundation. auth_ldap is still provided; however, all ldap users are

encouraged to begin transitioning to mod_auth_ldap. auth_ldap is provided during

this transition but will be removed in a future release.

Plus enhancements from v1.0.03.01:

• Apache upgraded to 2.0.45 which addresses and fixes these security vulnerabilities

described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0132

— http://nagoya.apache.org/bugzilla/index.html: BUG # 17206

• Fixed OpenSSL 0.9.6i to address and fix these security vulnerabilities described at:

— http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147