From: Reto Inversini <inversini@datacomm.ch>
To: suse-security@suse.com
Date: Wednesday, July 27, 2005, 11:02:54 PM
Subject: [suse-security] apache2 patch

Wednesday, July 27, 2005, 11:02:54 PM, you wrote:
John wrote:
hello all
Hi John
I noticed that /usr/sbin/httpd2-prefork has new timestamp (22/jul) but the same size (in bytes) with the older one.
AFAIK the patch was just a small one, the vulnerability is an off-by-one error in mod_ssl. What exactly has changed can be found here:
http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_k...
Can anyone explain to me what does this mean? How the patch has fit in that binary and the size remains the same?
If you want to be totally sure, if you have got the changed binary in your chroot environment, calculate an md5 hash over the old and the new file, the md5sums should differ.
Regards Reto
Ok, I saw that piece of code. But how can the binary be the same? YOU downloaded the apache2-prefork*.rpm and apache2-*.rpm. The above rpms installed at once. So the old binaries must have been overwritten, but they have the same size exactly. md5sum outputs the hash of the file size. I will then receive the same hash for the old and the new binary httpd2-prefork, won't I?
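The check suggested in the thread, as an added example that is not part of the original messages: it compares two files by size, MD5 hash and number of differing bytes. The two sample files are constructed here (same length, one byte changed) and stand in for the old and new httpd2-prefork; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare an old and a new copy of a binary by size,
# by MD5 hash, and by the number of byte offsets that differ.

# compare_binaries OLD NEW
# Prints one verdict: identical | same-size-different-content | different-size
compare_binaries() {
    old_size=$(wc -c < "$1" | tr -d ' ')
    new_size=$(wc -c < "$2" | tr -d ' ')
    # md5sum reads the file contents, so the hash changes when any byte changes
    old_md5=$(md5sum "$1" | cut -d' ' -f1)
    new_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$old_md5" = "$new_md5" ]; then
        echo identical
    elif [ "$old_size" -eq "$new_size" ]; then
        echo same-size-different-content
    else
        echo different-size
    fi
}

# count_changed_bytes OLD NEW
# For two files of equal length: how many byte offsets hold different values.
count_changed_bytes() {
    cmp -l "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample input: two 9-byte files that differ in a single byte,
# the kind of change a one-constant fix can produce in a compiled binary.
demo() {
    dir=$(mktemp -d)
    printf 'AAAA\020BBBB' > "$dir/httpd2-prefork.old"
    printf 'AAAA\021BBBB' > "$dir/httpd2-prefork.new"
    echo "verdict:       $(compare_binaries "$dir/httpd2-prefork.old" "$dir/httpd2-prefork.new")"
    echo "changed bytes: $(count_changed_bytes "$dir/httpd2-prefork.old" "$dir/httpd2-prefork.new")"
    rm -rf "$dir"
}

demo
```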