Mailing List Archive



Re: [tlug] Apache config help



> While on the subject of Apache, I am probably stating the obvious, but does
> everyone know that versions up to 1.3.24 have a DoSable bug, which someone
> has now released an exploit for?

All distributions that I use released new versions so the answer is
yes. From the apache site 
(http://httpd.apache.org/info/security_bulletin_20020617.txt):
"Versions of the Apache web server up to and including 1.3.24 and 2.0 up to
and including 2.0.36 contain a bug in the routines which deal with invalid
requests which are encoded using chunked encoding."

After updating:

Debian Unstable: apache 1.3.26
Debian Stable:   apache 1.3.9_14.1 - fixed version from 
                 http://security.debian.org/
Gentoo 1.2:      apache 1.3.26
OpenBSD 3.0:     apache 1.3.19
                 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
FreeBSD 4.6:     apache 1.3.26


-- 
________  Stoyan Zhekov <sto [AT] zhware [DOT] net>  ________
OpenPGP:                http://www.zhware.net/keys/zhware.asc
fpr:        2A61 58D0 A69C FF68 4785 A0A3 89DE AEC0 3CA6 41A8
____________ Is there life after /sbin/halt -p? _____________ 
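
The version list in the post shows why a banner check alone misleads: the Debian Stable and OpenBSD entries are listed as updated yet carry upstream numbers inside the bulletin's affected range. The following is an added example, not part of the original post, that classifies `Server` banners against the quoted ranges; the status names, the `VENDOR_FIXED` table and the sample banners are constructed for illustration.

```python
import re

# Affected ranges, from the Apache bulletin quoted in the post:
# up to and including 1.3.24, and 2.0 up to and including 2.0.36.
MAX_13 = (1, 3, 24)
MIN_20, MAX_20 = (2, 0, 0), (2, 0, 36)

# Vendor packages the post lists as fixed despite an old upstream number.
# Keying on the package version string is an assumption of this example.
VENDOR_FIXED = {"1.3.9_14.1"}  # Debian Stable, as written in the post

BANNER_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)")


def upstream_version(banner):
    """Return (major, minor, patch) from a Server header, or None."""
    m = BANNER_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def in_affected_range(v):
    return v <= MAX_13 or MIN_20 <= v <= MAX_20


def classify(banner, package_version=None):
    """Classify a banner; package_version comes from the host's package DB."""
    v = upstream_version(banner)
    if v is None:
        return "unknown"                 # version hidden, or not Apache
    if not in_affected_range(v):
        return "not-in-range"
    if package_version in VENDOR_FIXED:
        return "in-range-vendor-fixed"   # backported fix, banner unchanged
    return "in-range-verify-host"        # banner cannot show patch level


if __name__ == "__main__":
    # Constructed sample inventory: (Server banner, package version or None)
    samples = [
        ("Apache/1.3.26 (Unix)", None),
        ("Apache/1.3.9 (Unix)", "1.3.9_14.1"),
        ("Apache/1.3.19 (Unix)", None),   # source-patched builds look like this
        ("Apache/2.0.36 (Unix)", None),
        ("Apache", None),
    ]
    for banner, pkg in samples:
        print(f"{banner:24} {pkg or '-':12} {classify(banner, pkg)}")
```

A result of `in-range-verify-host` means the patch state has to be confirmed on the machine itself, since a source patch such as the OpenBSD one leaves the reported version unchanged.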
