Hi Frank,
Unless I see the exploit working, I don't believe it.
This, however, does not have any influence on the severity of the bug: a _possible_ code execution vulnerability is just as bad as an evident code execution vulnerability.
so, would it mean much work to compile RPMs for a 3.1.26 apache for all SuSE versions? Or are there just to many dependencies? For a quick fix I just compiled apache 3.1.26 using the config.status from SuSE and exhanged the binary and the modules, seems to run fine. However, I don't use much additional mod packages like php4 etc...
I can promise you: It's a real mess!
No, I'm afraid we can't make a version upgrade. It will just break,
nothing else.
Sorry,
Roman.
--
- -
| Roman Drahtmüller