Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Apache patch sufficient?
  • From: Frank Steiner <fst@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 21 Jun 2002 10:21:49 +0200
  • Message-id: <3D12E21D.4657BBBD@xxxxxxxxxxxxxxxxxxxxxx>
Hi,

Roman Drahtmueller wrote:

> Unless I see the exploit working, I don't believe it.
>
> This, however, does not have any influence on the severity of the bug: a
> _possible_ code execution vulnerability is just as bad as an evident code
> execution vulnerability.

so, would it mean much work to compile RPMs for a 3.1.26 apache for
all SuSE versions? Or are there just to many dependencies? For a quick
fix I just compiled apache 3.1.26 using the config.status from SuSE
and exhanged the binary and the modules, seems to run fine. However,
I don't use much additional mod packages like php4 etc...

cu,
Frank

--
Dipl.-Inform. Frank Steiner mailto:fst@xxxxxxxxxxxxxxxxxxxxxx
Lehrstuhl f. Programmiersprachen mailto:fsteiner@xxxxxx
CAU Kiel, Olshausenstra├če 40 Phone: +49 431 880-7265, Fax: -7613
D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/

< Previous Next >
References