HP-UX 11i September 2002 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

100

HP-UX 11i Version 1.0 Operating Environment Applications

HP-UX 11i Operating Environment

Chapter 6

For the latest download and documentation information, please visit

http://www.hp.com/go/webserver.

NOTE You must obtain certificates from authorized agencies for commercial purposes and

make the necessary changes in httpd.conf to use the desired certificates.

updated for

September 2002

HP Apache version 1.3.26.03 is principally a security-fix, bug-fix, and version-upgrade

release.

All users are urged to upgrade immediately to this release.

This release has upgraded to PHP 4.2.2 from 4.2.1 in previous HP Apache 1.3.26

releases. PHP 4.2.2 contains the security fix to correct POST vulnerabilities in PHP

versions 4.2.0 and 4.2.1. For more information see:

http://www.php.net/release_4_2_2.php.

Apache 1.3.26 addresses and fixes the issue regarding a remotely exploitable

vulnerability in handling of large data chunks as noted in the following security

bulletins:

• http://itrc.hp.com/ — Log in and search for “HPSBUX0207-197” in “Technical

Documents.” If you do not have a login, follow the easy registration steps.

• http://cve.mitre.org/ — Search for “CAN-2002-0392.”

• http://www.cert.org/advisories/CA-2002-17.html

This release is a version update for the following HP Apache components:

• Apache base 1.3.26

• Tomact 3.3.1

• PHP 4.2.2

• Webmin 0.980

• OpenSSL 0.9.6c

• mod_ssl 2.8.9

• BSAFE Crypto-C 5.2

In addition to the mod_jserv servlet connector found in previous versions of HP Apache,

mod_jk is the servlet connector to Tomcat, and can use either the original ajpv12 protocol

or the newer ajpv13 protocol.

Enhanced documentation includes FAQs, iPlanet to HP Apache Migration Guide, and

HP Apache 1.3.x to 2.x Migration Guide.

deprecated in

September 2002

HP Apache v.1.3.x has been deprecated (slated for future obsolescence). The final

supported version of HP Apache v.1.3.x in HP-UX 11i OE will be distributed in December

2002. HP Apache 1.3.x will still be available on HP Software Depot

(http://www.software.hp.com) until June 30th, 2003. Starting July 1, 2003, HP

Apache 1.3.x will not be supported on HP-UX.

Customers should begin upgrading to HP Apache v.2.0 (product number B9416AA). It is

available today on the Application Release CD that was shipped in this bundle, as well

as on HP Software Depot (http://www.software.hp.com). Compared to previous

versions, HP Apache v.2.0 offers better performance and new IPv6, WebDAV, and LDAP

support to provide a more robust web server for your HP 11i environment. For more

information on HP Apache v.2.0, please visit our web site at

http://www.hp.com/go/webserver.