The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all through specially crafted .htaccess files. This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody). We recommend you upgrade as soon as possible.
The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all through specially crafted .htaccess files.
This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody). We recommend you upgrade as soon as possible.
MD5 checksums of the listed files are available in the original advisory.