A vulnerability has been discovered and corrected in apache:

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21,
when used with mod_proxy_balancer in certain configurations, allows
remote attackers to cause a denial of service (temporary error state
in the backend server) via a malformed HTTP request (CVE-2011-3348).

The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory
introduced regressions in the way httpd handled certain Range HTTP
header values.

The updated packages have been patched to correct these issues.