Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Apache patch sufficient?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 27 Jun 2002 00:42:29 +0200 (MEST)
  • Message-id: <Pine.LNX.4.44.0206270041210.25353-100000@xxxxxxxxxxxx>
> > I can promise you: It's a real mess!
> > No, I'm afraid we can't make a version upgrade. It will just break,
> > nothing else.
>
> Ok, I understand that! In the meantime I read on the bugtraq that
> Linux seems not to be vulnerable in the way OpenBDS and FreeBSD are.
> So I guess, unless sth. else is proven, we can assume the patched
> Apache to be secure, right?

Yes.
I wouldn't insist on the claim that it isn't exploitable on Linux. This
was only the first impression. It may turn out to be right - or wrong.
Better upgrade the package.

> http://online.securityfocus.com/archive/1/278223/2002-06-21/2002-06-27/2
>
> Best regards,
> Frank

Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| N├╝rnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -


< Previous Next >
References