Mailinglist Archive: opensuse-security (499 mails)
| < Previous | Next > |
Re: [suse-security] SuSE Apache patch sufficient?
- From: "Andreas Syska" <asyska@xxxxxxxxxxx>
- Date: Thu, 20 Jun 2002 17:24:54 +0200
- Message-id: <003801c2186e$a1ddebe0$1901000a@as>
Hi there...
----- Original Message -----
From: "Alan Rouse" <ARouse@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, June 20, 2002 4:54 PM
Subject: [suse-security] SuSE Apache patch sufficient?
> Yesterday's SuSE advisory (Apache chunk handling) indicates their belief
> that:
> However, the exploit posted this morning on vulnwatch indicates that
> such an exploit exists against Linux.
Again:
No, the exploit posted on vulnwatch this morning works agains xBSD
only.
Sure, it is a "proof of concept" - so it wont take long 'till there is one
working against Linux based systems. But you've got some time to get
a new Apache running - and the SuSE suggests to update to 1.3.26
so do I,
> Thank you.
no problem ;-)
Andreas
----- Original Message -----
From: "Alan Rouse" <ARouse@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, June 20, 2002 4:54 PM
Subject: [suse-security] SuSE Apache patch sufficient?
> Yesterday's SuSE advisory (Apache chunk handling) indicates their belief
> that:
> However, the exploit posted this morning on vulnwatch indicates that
> such an exploit exists against Linux.
Again:
No, the exploit posted on vulnwatch this morning works agains xBSD
only.
Sure, it is a "proof of concept" - so it wont take long 'till there is one
working against Linux based systems. But you've got some time to get
a new Apache running - and the SuSE suggests to update to 1.3.26
so do I,
> Thank you.
no problem ;-)
Andreas
| < Previous | Next > |