FYI: Apache 2.0.47 released
 

The Apache HTTP Server Project is proud to announce [1] the tenth public release of Apache 2.0.

This version of Apache is principally a security and bug fix release. Of particular note is that 2.0.47 addresses four security vulnerabilities:

Certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one.
[CAN-2003-0192] [2]

Certain errors returned by accept() on rarely accessed ports could cause temporal denial of service, due to a bug in the prefork MPM.
[CAN-2003-0253] [3]

Denial of service was caused when target host is IPv6 but ftp proxy server can't create IPv6 socket.
[CAN-2003-0254] [4]

The server would crash when going into an infinite loop due to too many subsequent internal redirects and nested subrequests.
[VU#379828]

For further details, see the announcement. [1]

[1] http://www.apache.org/dist/httpd/Announcement2.html
[2] http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0192
[3] http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0253
[4] http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0254

~