Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
RE: [suse-security] SuSE Apache patch sufficient?
  • From: Markus Gaugusch <markus@xxxxxxxxxxx>
  • Date: Thu, 20 Jun 2002 17:57:06 +0200 (CEST)
  • Message-id: <Pine.LNX.4.44.0206201755230.21216-100000@xxxxxxxxxxxxxxxxxx>
On Jun 20, Alan Rouse <ARouse@xxxxxxxx> wrote:
> However, I'm patching SuSE 7.0, 7.1, and 7.2. I guess I'm not going to
> get exactly 1.3.26 from SuSE for these. So I'd really like some sort of
> statement from SuSE indicating whether or not the potential remote root
> issue on my system will be addressed by their patch.
So, why should they bring out a fixed version, if there were not a
_potential_ exploit? Remote root will not be, because apache doesn't run
as root, but wwwrun might be. I don't see the point of this discussion.
There was a bug, there is a fix. SuSE did a great and fast job.

Markus

--
__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \


< Previous Next >
References