Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Apache patch sufficient?
Hi there...

----- Original Message -----
From: "Alan Rouse" <ARouse@xxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Thursday, June 20, 2002 4:54 PM
Subject: [suse-security] SuSE Apache patch sufficient?


> Yesterday's SuSE advisory (Apache chunk handling) indicates their belief
> that:

> However, the exploit posted this morning on vulnwatch indicates that
> such an exploit exists against Linux.

Again:
No, the exploit posted on vulnwatch this morning works agains xBSD
only.

Sure, it is a "proof of concept" - so it wont take long 'till there is one
working against Linux based systems. But you've got some time to get
a new Apache running - and the SuSE suggests to update to 1.3.26

so do I,

> Thank you.

no problem ;-)

Andreas




< Previous Next >
References