'[oss-security] Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept
From:       Yann Ylavic <ylavic.dev () gmail ! com>
Date:       2018-03-27 8:58:50
Message-ID: CAKQ1sVM601_qrcr_-Y8axM=etSCDVh7k3h_ZkRjSA1Va1aH_Tw () mail ! gmail ! com
[Download RAW message or body]

Hi Dago,

On Mon, Mar 26, 2018 at 9:42 PM, Dagobert [...] wrote:
>
> Am 26.03.2018 um 07:06 schrieb Daniel Ruggeri:
>>
>> Users of (the now end-of-life) httpd 2.2 who cannot upgrade at this time
>> should apply CVE-2017-15710.patch, which is available at
>>
>>   https://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
> This link does not exist, there is only
>   https://www.apache.org/dist/httpd/patches/apply_to_2.4.27/

Thanks for noticing and letting us know.

The 2.2 version of httpd has ended its long life and went to the attic
(almost simultaneously with this announcement):
  https://archive.apache.org/dist/httpd/patches/apply_to_2.2.34/

Regards,
Yann.
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic