A vulnerability was discovered and corrected in apache-conf: The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting attacks via unspecified web client software . This update provides a solution to this vulnerability. Update: The wrong package was uploaded for 2009.1. This update addresses that problem.