[prev in list] [next in list] [prev in thread] [next in thread]
List: tux-list
Subject: Re: Is redhat hanging me out to dry?
From: Joe Orton <jorton () redhat ! com>
Date: 2002-10-22 13:52:58
[Download RAW message or body]
Hi,
On Fri, Oct 18, 2002 at 11:25:24AM -0500, Cook, Jared wrote:
> Ok, so this isn't exactly tux related, but I run tux with Apache, and RedHat
> still hasn't released updated Apache rpms that integrate patches from
> 1.3.27. What the hell is taking so long?
Apache 1.3.27 fixed three security bugs; (1) a local priviledge
escalation bug in shared memory scoreboard handling, (2) some buffer
overflows in the 'ab' tool, and (3) a cross-site scripting vulnerability
in the error page.
Apache 2.0 only suffers from problems (2) and (3); we will be issuing a
security erratum shortly. (2) only affects you if you use 'ab' against
untrusted servers; (3) only affects you if you are using wildcard DNS
for your server (and you leave the "UseCanonicalName" setting at "Off"
in httpd.conf).
Regards,
joe
_______________________________________________
tux-list mailing list
tux-list@redhat.com
https://listman.redhat.com/mailman/listinfo/tux-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic