[CLUE-Tech] Apache security (FYI)
Adam Bultman
adamb at glaven.org
Wed Jun 26 06:41:43 MDT 2002
Mind you, there's finally a new version of mod_ssl to go with that.
--
Adam Bultman
adam at glaven.org
[ http://www.glaven.org ]
On Tue, 25 Jun 2002, Dave Price wrote:
> FYI:
>
> (from) CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
>
> The Apache Software Foundation has published an advisory describing
> the details of this vulnerability. This advisory is available on
> their web site at
>
> http://httpd.apache.org/info/security_bulletin_20020617.txt
>
> <snip....>
> Uers of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0
> should upgrade to 2.0.39, which contain a fix for this issue.
>
> <Note>
> For us deb-heads, if you are running potato, just be sure you have:
>
> deb http://security.debian.org stable/updates main contrib non-free
>
> in your /etc/apt/sources.list - there is a new apache package out that
> will fix you up.
>
> More of what I have read elsewhere is that exploits of this bug are
> "making the rounds" e.g. seen in the wild.
>
> aloha,
> dave
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
More information about the clue-tech
mailing list