APACHE: apache-1.3.20-66.i386.rpm
Hi there, I'm using SuSE 7.3 and I patched the Apache web server to 1.3.20-66 while www.apache.org reports 1.3.26 as new bugs fix release. Is this new release available for SuSE 7.3? Also using YOU (yast2) the most recent patch is always the 1.3.20-66.... what's wrong? Thank you. Fabrizio --------------------------------- Scarica il nuovo Yahoo! Messenger: con webcam, nuove faccine e tante altre novità!
On Sun, Jul 14, 2002 at 04:06:08PM +0200, Fabrizio Di Meo wrote:
I'm using SuSE 7.3 and I patched the Apache web server to 1.3.20-66 while www.apache.org reports 1.3.26 as new bugs fix release.
Is this new release available for SuSE 7.3? Also using YOU (yast2) the most recent patch is always the 1.3.20-66....
Nothing. The version we released (1.3.20-66 for 7.3) fixes the security vulnerability v a apatch instead of inflicting an apache version upgrade on users. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
Hi Olaf, thank you, this resolves my doubts about. I wouldn't be boring but how could I check the current patch in use on my system? If I query Apache it responds as : "Apache/1.3.20 Server at ..." Just a note: I'm a proud user of SuSE since 6.3 release and I'd never ever change it, so my last comment on the bug fix had to be read as a such clarification. Thank you. Fabrizio. Olaf Kirch <okir@suse.de> ha scritto: > Is this new release available for SuSE 7.3? Also using YOU (yast2) the most recent patch is always the 1.3.20-66.... Nothing. The version we released (1.3.20-66 for 7.3) fixes the security vulnerability v a apatch instead of inflicting an apache version upgrade on users. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here www.viapanisperna.org --------------------------------- Scarica il nuovo Yahoo! Messenger: con webcam, nuove faccine e tante altre novità!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 14 July 2002 23:03, Fabrizio Di Meo wrote:
I wouldn't be boring but how could I check the current patch in use on my system? If I query Apache it responds as : "Apache/1.3.20 Server at ..."
try 'rpm -qi apache' mfg AND - -- Equal bytes for women. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9MgIShlekfiEFJv4RAraKAJ9Wp/nMiAdxo8JzhxR0pTy/WSh4oACgrCiu oKGyK4/yUvOEQPwJj9hKXEQ= =0BvM -----END PGP SIGNATURE-----
Andreas Lauser wrote:
On Sunday 14 July 2002 23:03, Fabrizio Di Meo wrote:
I wouldn't be boring but how could I check the current patch in use on my system? If I query Apache it responds as : "Apache/1.3.20 Server at ..."
try 'rpm -qi apache'
or better "rpm -q apache --changelog" Peter
On Sun, Jul 14, 2002 at 11:03:09PM +0200, Fabrizio Di Meo wrote:
I wouldn't be boring but how could I check the current patch in use on my system? If I query Apache it responds as : "Apache/1.3.20 Server at ..."
You can check the changelog in the RPM, as others have pointed out. There's also some Windows based scanner tool from eEye Security which basically does the following: $ telnet server 80 POST / HTTP/1.0 Transfer-Encoding: chunked AAAAAAAAAA An unfixed server would crash and close the connection when you do this (Beware: there seem to be configurations though where this does not happen, even for an unpatched server - this is from user feedback I received. I haven't been able to reproduce this, and it seems weird, but that doesn't mean it's impossible). Olaf
participants (4)
-
Andreas Lauser -
Fabrizio Di Meo -
Olaf Kirch -
Peter Wiersig