Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Apache config help
- Date: Fri, 21 Jun 2002 09:11:57 +0900
- From: Stoyan Zhekov <sto@example.com>
- Subject: Re: [tlug] Apache config help
- References: <200206200831.g5K8VQh15956@example.com><Pine.GSO.4.44.0206201844040.10822-100000@example.com>
- Organization: ZHware Co.
> While on the subject of Apache, I am probably stating the obvious, but does
> everyone know that versions up to 1.3.24 have a DoSable bug, which someone
> has now reased an exploit for?
All distributions that I use released new versions so the answer is
yes. From the apache site
(http://httpd.apache.org/info/security_bulletin_20020617.txt):
"Versions of the Apache web server up to and including 1.3.24 and 2.0 up to
and including 2.0.36 contain a bug in the routines which deal with invalid
requests which are encoded using chunked encoding."
After updating:
Debian Unstable: apache 1.3.26
Debian Stable: apache 1.3.9_14.1 - fixed version from
http://security.debian.org/
Gentoo 1.2: apache 1.3.26
OpenBSD 3.0: apache 1.3.19
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
FreeBSD 4.6: apache 1.3.26
--
________ Stoyan Zhekov <sto [AT] zhware [DOT] net> ________
OpenPGP: http://www.zhware.net/keys/zhware.asc
fpr: 2A61 58D0 A69C FF68 4785 A0A3 89DE AEC0 3CA6 41A8
____________ Is there life after /sbin/halt -p? _____________
Attachment:
pgp00010.pgp
Description: PGP signature
- References:
- Re: [tlug] Apache config help
- From: Jim Breen
- Re: [tlug] Apache config help
- From: Tim Hurman
- Re: [tlug] Apache config help
- Prev by Date: Re: [tlug] Apache config help
- Next by Date: Re: [tlug] Apache config help
- Previous by thread: Re: [tlug] Apache config help
- Next by thread: Re: [tlug] Apache config help
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |