Apache spoofed information logging vulnerabilty. Versions of apache prior to 1.3.24 sometimes put invalid client hostnames in the log file. A remote attacker may exploit this behavior to insert spoofed information into the webserver logs. The fix is to upgrade to the recent Apache 1.3.24 release. (First LWN report: March 28th).
This week's updates: