Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] Apache update
I am not certain if this is the exploit you are talking
about. There was no link included in the email which you
sent. But, the XForce email announcing an exploit
(assumed to be what you are talking about here,
specifically states:

> > X-Force has verified that this issue is exploitable
on Apache for
> > Windows (Win32) version 1.3.24. Apache 1.x for Unix
contains the same
> > source code, but X-Force believes that successful
exploitation on most
> > Unix platforms is unlikely.

So, if this is the vulnerability which you are talking
about, then the reporting group states that it is
probably not a problem on Unix (which would include SuSE


> There is an issue with apache, corroborated by the apache
> guys,
> with a story at /.
> Short version:
> Are we waiting for the apache team to come up with a patch,
> or do you guys have an idea of a fix? Is this remotely
> exploitable, or just a dos with apache 1.3.x?
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >