Mailinglist Archive: opensuse-security (499 mails)
Re: [suse-security] Re: Remote exploit for 32-bit Apache HTTP Server known
- From: Ben Rosenberg <ben@xxxxxxxxx>
- Date: Sat, 22 Jun 2002 14:36:33 -0700
- Message-id: <20020622213633.GB21881@xxxxxxxxx>
* Joerg Mayer (jmayer@xxxxxxxxx) [020622 14:27]:
::On Sat, Jun 22, 2002 at 01:11:51PM -0700, Ben Rosenberg wrote:
::> As I've said on the SLE and on this list...
::>
::> "SuSE patches the version number that came with the distribution as to
::> not break deps. It may be numbered the same as the "vulnerable" version
::> on the software's site...but SuSE wouldn't make new pkgs with the same
::> problems. This would be silly"
::
::And is there a way to find out that the fix is in from the *binary* rpm?
::I've just looked but haven't found a Changelog for the SuSE-specific
::patches or something. If not, I think that this should be fixed.
Don't be a smartass. Of course you couldn't just get it from the binary.
You might want to look in the src directory under updates for the
patched src.
ncftp ...se/i386/update/8.0/zq1 > ls -la apache*
-rw-r--r-- 1 suse susewww 2619848 Jun 18 13:27 apache-1.3.23-120.src.rpm
lrwxrwxrwx 1 suse susewww 25 Jun 19 16:06 apache.spm -> apache-1.3.23-120.src.rpm
ncftp ...se/i386/update/8.0/zq1 >
There is also a patches directory...
I said they patched the current version...not that they were secretive
and didn't give the src for you to look at
"apache-1.3.23-120.i386_en.info" in the n2 directory which contains the
new pkg. If you can't figure out ftp..here's the text...
--
apache: The Apache Web server
----------------------------------------------------------------------
File: apache-1.3.23-120.i386.rpm
Patchrpm: apache-1.3.23-120.i386.patch.rpm
Version: 1.3.23
Size: 764 kB
Patchsize: 180 kB
Date: Tue 18 Jun 2002 03:20:41 PM CEST
Source: apache-1.3.23-120.src.rpm
Security: Yes
----------------------------------------------------------------------
Description: Security update: This update fixes a buffer overflow in the
Apache web server.
--
-=Ben
--=====-----=====--
mailto:ben@xxxxxxxxx
--=====--
Tell me what you believe..I tell you what you should see. -DP
--=====-----=====--
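
The check the quoted question asks for, as an added example that is not part of the original message or any SuSE tool: it reads the fixed package name from the .info record quoted above and compares an installed name-version-release string against it. The function names are hypothetical, release numbers other than 120 are constructed, and it assumes releases of the same upstream version increase monotonically.

```shell
#!/bin/sh
# Added example. INFO_RECORD is taken from the .info text quoted in the message.
INFO_RECORD='apache: The Apache Web server
File: apache-1.3.23-120.i386.rpm
Version: 1.3.23
Date: Tue 18 Jun 2002 03:20:41 PM CEST
Source: apache-1.3.23-120.src.rpm
Security: Yes'

# info_field KEY: print the value of the "KEY: value" line read from stdin.
# Only the first ": " is treated as the separator, so values may contain colons.
info_field() {
    awk -v key="$1" 'index($0, key ":") == 1 { sub(/^[^:]*: */, ""); print; exit }'
}

# is_security_update: succeeds if the record is flagged "Security: Yes".
is_security_update() {
    [ "$(printf '%s\n' "$INFO_RECORD" | info_field Security)" = "Yes" ]
}

# has_fix NVR: compare an installed name-version-release, e.g. the output of
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' apache
# against the fixed package named in the record.
# Returns 0 = fix present, 1 = fix missing, 2 = cannot tell from the release.
has_fix() {
    fixed=$(printf '%s\n' "$INFO_RECORD" | info_field File)
    fixed=${fixed%.rpm}; fixed=${fixed%.*}     # drop ".rpm" and the arch suffix
    fixed_rel=${fixed##*-}; fixed_nv=${fixed%-*}
    inst_rel=${1##*-}; inst_nv=${1%-*}
    # A different upstream version says nothing about this backport.
    [ "$inst_nv" = "$fixed_nv" ] || return 2
    # Only plain numeric releases can be ordered here.
    case "$inst_rel$fixed_rel" in *[!0-9]*|'') return 2 ;; esac
    [ "$inst_rel" -ge "$fixed_rel" ]
}

# Stand-alone use: sh check.sh apache-1.3.23-120
if [ "$#" -gt 0 ]; then
    rc=0; has_fix "$1" || rc=$?
    echo "$1: status $rc (0 = fix present, 1 = missing, 2 = cannot tell)"
fi
```

The upstream version string is identical in the fixed and unfixed packages, so the comparison has to be made on the release field.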