
List:       tux-list
Subject:    Re: Is redhat hanging me out to dry?
From:       Joe Orton <jorton () redhat ! com>
Date:       2002-10-22 13:52:58

Hi,

On Fri, Oct 18, 2002 at 11:25:24AM -0500, Cook, Jared wrote:
> Ok, so this isn't exactly tux related, but I run tux with Apache, and RedHat
> still hasn't released updated Apache rpms that integrate patches from
> 1.3.27.  What the hell is taking so long?

Apache 1.3.27 fixed three security bugs: (1) a local privilege
escalation bug in shared memory scoreboard handling, (2) some buffer
overflows in the 'ab' tool, and (3) a cross-site scripting vulnerability
in the error page.

Apache 2.0 only suffers from problems (2) and (3); we will be issuing a
security erratum shortly.  (2) only affects you if you use 'ab' against
untrusted servers; (3) only affects you if you are using wildcard DNS
for your server (and you leave the "UseCanonicalName" setting at "Off"
in httpd.conf).

Regards,

joe


