Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Apache patch sufficient?
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Fri, 21 Jun 2002 12:07:43 +0200 (MEST)
  • Message-id: <Pine.LNX.4.44.0206211206520.17482-100000@xxxxxxxxxxxx>
Hi Frank,


> > Unless I see the exploit working, I don't believe it.
> >
> > This, however, does not have any influence on the severity of the bug: a
> > _possible_ code execution vulnerability is just as bad as an evident code
> > execution vulnerability.
>
> so, would it mean much work to compile RPMs for a 3.1.26 apache for
> all SuSE versions? Or are there just to many dependencies? For a quick
> fix I just compiled apache 3.1.26 using the config.status from SuSE
> and exhanged the binary and the modules, seems to run fine. However,
> I don't use much additional mod packages like php4 etc...
>

I can promise you: It's a real mess!
No, I'm afraid we can't make a version upgrade. It will just break,
nothing else.

Sorry,
Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| N├╝rnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -


< Previous Next >
Follow Ups
References