'Re: [opensuse-security] Question about SUSE-SA:2008:021'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-security
Subject:    Re: [opensuse-security] Question about SUSE-SA:2008:021
From:       Jeff VanDeRyt <jtvdr () umich ! edu>
Date:       2008-06-03 13:10:21
Message-ID: 484542BD.6070407 () umich ! edu
[Download RAW message or body]

Marcus,
Thanks for clarifying it for me.

Have a great day,
Jeff


Marcus Meissner said the following on 6/3/08 2:17 AM:
> On Mon, Jun 02, 2008 at 02:47:08PM -0400, Jeff VanDeRyt wrote:
>> Hi,
>> I have a question about the security updates for Apache 2 which are 
>> detailed in SUSE-SA:2008:021, and how it relates to SLES 9 and OES on SLES9.
>>
>> The Security Announcement lists 7 CVE numbers and includes links to 
>> updates for updates to Apache and Apache 2 on SLES9 
>> (http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.html 
>>  and 
>> http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.html). 
>>  However, these pages do not list all 7 CVE numbers as being addressed. 
>>  Specifically the Apache 2 page does not include CVE-2007-6421 and 
>> CVE-2007-6422 (both listed as affecting Apache 2 only).
>>
>> Does this mean Apache 2 on SLES 9 is not affected by CVE-2007-6421 and 
>> CVE-2007-6422?
> 
> Hi,
> 
> CVE-2007-6421 and CVE-2007-6422 only affects the Apache 2.2 series,
> while SLES 9 has Apache 2.0.59.
> 
> See:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
> 
> (mod_proxy_balancer is new in Apache2 2.2.)
> 
>> Tangentially related, what about CVE-2007-6420 and 2007-6423?  They are 
>> included in original SecruityAlert from SecurityReason 
>> (http://securityreason.com/securityalert/48) which included 
>> CVE-2007-6421 and CVE-2007-6422.
> 
> CVE-2007-6420 has not been fixed by upstream at the time of this update,
> we reminded them of it however.
> 
> CVE-2007-6423 only affects Apache on Windows (see original report and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6423 ).
> 
> Ciao, Marcus
> 
> 
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic