[CentOS] Apache warns Web server admins of DoS attack tool

Thu Aug 25 19:09:45 UTC 2011
Always Learning <centos at u61.u22.net>

On Thu, 2011-08-25 at 12:33 -0400, m.roth at 5-cent.us wrote:
> Anyone have any idea how soon RHEL and CentOS will be releasing the patch
> package?
> 
> Excerpt:
> Computerworld - Developers of the Apache open-source project today
> warned users of the popular Web server software that a denial-of-service
> (DoS) tool is circulating that exploits a bug in the program.

> <http://www.computerworld.com/s/article/9219471/Apache_warns_Web_server_admins_of_DoS_attack_tool>

There are some work-around suggestions here:
http://lwn.net/Articles/456268/

Thanks Mark for the warning and also to Colin. I am sure CentOS users
appreciate it. I certainly do.

The temporary fix, shown on several web sites, is the following, added
to Apache's conf file:-


          # Drop the Range header when more than 5 ranges.
          # CVE-2011-3192
          SetEnvIf Range (,.*?){5,} bad-range=1
          RequestHeader unset Range env=bad-range
  
          # optional logging.
          CustomLog logs/range-CVE-2011-3192.log common env=bad-range

I've done this on the Apache's main conf file and restarted it. httpd
appears to be working normally on reliable CentOS 5.6.

It's great having a CentOS mailing list where concerned CentOS users can
post news about issues affecting other CentOS users, even if the posting
user accidentally forgets to mention which version of CentOS is
affected.

Have a nice day everyone.

Paul.
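As an added illustration (not part of the original post or of the Apache workaround itself), the script below models what the three directives in the quoted configuration do to a request: the same `(,.*?){5,}` regex from the SetEnvIf line decides whether a Range header carries more than five ranges, the header is then dropped the way `RequestHeader unset Range env=bad-range` would drop it, and a common-format log line is produced only for flagged requests, as the conditional CustomLog does. All header values, the client address and the timestamp are constructed sample data; the function names are this example's own.

```python
import re
from typing import Dict, Optional, Tuple

# Same regex as the SetEnvIf line in the workaround: it matches when the header
# value contains five or more commas, i.e. more than five byte ranges.
BAD_RANGE = re.compile(r"(,.*?){5,}")


def is_bad_range(range_value: str) -> bool:
    """True when this Range value would set bad-range=1 under the workaround."""
    return BAD_RANGE.search(range_value) is not None


def count_ranges(range_value: str) -> int:
    """Number of range specs in a 'bytes=a-b,c-d,...' value (illustration only)."""
    spec = range_value.split("=", 1)[1] if "=" in range_value else range_value
    return sum(1 for part in spec.split(",") if part.strip())


def apply_workaround(headers: Dict[str, str]) -> Tuple[Dict[str, str], bool]:
    """Mimic 'RequestHeader unset Range env=bad-range'.

    Returns the header set the rest of the server would see and whether the
    request was flagged. Header names are matched case-insensitively, as in HTTP.
    """
    flagged = False
    kept: Dict[str, str] = {}
    for name, value in headers.items():
        if name.lower() == "range" and is_bad_range(value):
            flagged = True
            continue  # header dropped: the request is served as an ordinary full GET
        kept[name] = value
    return kept, flagged


def range_log_line(client: str, request_line: str, status: int, size: int,
                   flagged: bool) -> Optional[str]:
    """Mimic 'CustomLog ... common env=bad-range': only flagged requests are logged."""
    if not flagged:
        return None
    # Common Log Format; identity and user are '-', the timestamp is a constructed placeholder.
    return f'{client} - - [25/Aug/2011:19:09:45 +0000] "{request_line}" {status} {size}'


# Constructed sample requests (not taken from the original post).
RESUME_DOWNLOAD = {"Host": "www.example.com", "Range": "bytes=1048576-"}
FIVE_RANGES = {"Host": "www.example.com",
               "Range": "bytes=0-9,10-19,20-29,30-39,40-49"}  # 5 ranges, 4 commas: allowed
MANY_RANGES = {"Host": "www.example.com",
               "range": "bytes=" + ",".join(f"{i}-{i + 9}" for i in range(0, 200, 10))}  # 20 ranges

if __name__ == "__main__":
    for label, hdrs in [("resume", RESUME_DOWNLOAD), ("five", FIVE_RANGES), ("many", MANY_RANGES)]:
        kept, flagged = apply_workaround(hdrs)
        print(label, "flagged" if flagged else "passed", kept)
        line = range_log_line("192.0.2.10", "GET / HTTP/1.1", 200, 1234, flagged)
        if line:
            print("  would log:", line)
```

Note the boundary the regex draws: a header with exactly five ranges has four commas and passes, so ordinary multi-range clients are unaffected, while anything with six or more ranges loses its Range header and is answered as a normal full response rather than rejected.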