From: "Roderick Klein" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 2633064 for ecs-isp@2rosenthals.com; Tue, 05 Oct 2021 16:08:17 -0400
Received: from secmgr-va.randr ([192.168.200.201]:48336 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.94.2)
	(envelope-from <roderickklein@xs4all.nl>)
	id 1mXqjW-0002WU-2R
	for ecs-isp@2rosenthals.com; Tue, 05 Oct 2021 16:08:15 -0400
Received: from lb2-smtp-cloud8.xs4all.net ([194.109.24.25]:59497)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <roderickklein@xs4all.nl>)
	id 1mXqjT-0003XW-1u
	for ecs-isp@2rosenthals.com; Tue, 05 Oct 2021 16:08:12 -0400
Received: from cust-d6f8d21c ([IPv6:fc0c:c133:180c:ce18:600b:879d:83bb:499c])
	by smtp-cloud8.xs4all.net with ESMTPA
	id XqjOmusszMjraXqjRmZa0O; Tue, 05 Oct 2021 22:08:09 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=xs4all.nl; s=s2;
	t=1633464489; bh=asxEwU1s6Ssa3qt0xqFMPlSRSZKxjAw+Y1vUui4whuM=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:Content-Type:From:
	 Subject;
	b=ac2awj1GUw7ww8WpDxWF4NPgEP4AXfGrHfd9n6RqjjRJ1wHa77sBEiCciTEyUu8Xg
	 6W8idyTIZLMoK6N5kAmJ5kWJR2gLvY9HT26T2/UfqPSiagyqWFn98VApRhxcuEKTXl
	 pJ5O3qWg5Ogw5ofGKnsD2rjiW5b79QjFWom8cn+HscwmSqOhwGyh1DLyWrZZfpx2xD
	 45Z0NnkDsNbLmpMfWSuNLvlgRQNmnSmF3MkKrbPH94tk4sxGS6AhJT/ENzqRjbGpwN
	 yVDLsCbXmI5kY/nkkhmcJfHnytdoByuykDshevqre6Wu8PTty9y3s+V46uevmmKN7Y
	 aJ/ckrTpshndA==
Message-ID: <615CB0A7.9090801@xs4all.nl>
Date: Tue, 05 Oct 2021 22:08:07 +0200
Reply-To: roderickklein@xs4all.nl
User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
Subject: Apache 2.4.49 zero day exploit...
References: <list-2620142@2rosenthals.com>
In-Reply-To: <list-2620142@2rosenthals.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4xfPZ0VxLO+/7FaRc1ISeU8yQfK8RHXqwhxTIbJAvQ8SUvLzqnq9YriSbEsvDWT1ib+htBW6fT1VwtVT8rr8B6SijEZkHqVchOcZq3gCQ8124TbqibwXJ7
 8iItlpZLOFjwWQ8Bm99ENtVaEX3osWU3Ri7P0zxmYTrjtmxCjqjaoQ707RZJXUEoFw0E3QKda8MvJ89PxYuFYG0aMj5sMKIGseQ=

On  2-10-21 11:42, Paul Smedley wrote:
>
> Hi All,
>
> The key changes with these is that apache2 has been updated to pull in
> the socket functions from tcpip32.dll rather than so32dll.dll.
>
> I don't expect this to make any significant differences in real life,
> other than it slightly simplifies the build process.
>
> https://smedley.id.au/tmp/php-8.0.9-os2-20211002.zip
> https://smedley.id.au/tmp/httpd-2.4.49-os2-20211002-debug.zip

It seems this Apache version has a zero day exploit.

https://therecord.media/apache-fixes-actively-exploited-web-server-zero-day/

Roderick