[CLUE-Tech] Apache security (FYI)
Dave Price
davep at kinaole.org
Tue Jun 25 09:06:46 MDT 2002
FYI:
(from) CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
The Apache Software Foundation has published an advisory describing
the details of this vulnerability. This advisory is available on
their web site at
http://httpd.apache.org/info/security_bulletin_20020617.txt
<snip....>
Uers of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0
should upgrade to 2.0.39, which contain a fix for this issue.
<Note>
For us deb-heads, if you are running potato, just be sure you have:
deb http://security.debian.org stable/updates main contrib non-free
in your /etc/apt/sources.list - there is a new apache package out that
will fix you up.
More of what I have read elsewhere is that exploits of this bug are
"making the rounds" e.g. seen in the wild.
aloha,
dave
More information about the clue-tech
mailing list