Re: php vulnerability
Hello,
thanks for the quick reply.
They give a workaround at the web page:
http://CERT.Uni-Stuttgart.DE/ticker/article.php?mid=718
That is what I have in place right now.
Maybe it would be wise to alert debian users, give the workaround, and supply
the workaround later.
Rainer.
> Rainer Dorsch wrote:
> > Hello,
> >
> > I just got an email from our central computing center, that our web servers
> > run a version of apache/php which is vulnerable. Usually Debian is very good
> > on security issues and I thought Debian might have patched our system and the
> > computer center has only scanned the software version. But I did not see any
> > security update on php in Debian.
>
> Sorry, not enough time. We worked on the issue since it was known.
>
> > I checked lwn.net and found that redhat, suse, and mandrake have made
> > available security patches. I am wondering, if Debian is not vulnerable, if
> > the patch is very closed to be release, or if we have to enable the described
> > work arounds.
>
> We are vulnerable. Please stay calm (hope you can) and expect new packages
> soon.
>
> Regards,
>
> Joey
>
> --
> All language designers are arrogant. Goes with the territory...
> -- Larry Wall
>
> Please always Cc to me when replying to me on the lists.
>
--
Rainer Dorsch
Abt. Rechnerarchitektur e-mail:rainer.dorsch@informatik.uni-stuttgart.de
Uni Stuttgart Tel.: +49-711-7816-215 / Fax: +49-711-7816-288
Breitwiesenstr. 20-22 D-70565 Stuttgart
http://www.ra.informatik.uni-stuttgart.de/~rainer/
--
Rainer Dorsch
Abt. Rechnerarchitektur e-mail:rainer.dorsch@informatik.uni-stuttgart.de
Uni Stuttgart Tel.: +49-711-7816-215 / Fax: +49-711-7816-288
Breitwiesenstr. 20-22 D-70565 Stuttgart
http://www.ra.informatik.uni-stuttgart.de/~rainer/
--
Rainer Dorsch
Abt. Rechnerarchitektur e-mail:rainer.dorsch@informatik.uni-stuttgart.de
Uni Stuttgart Tel.: +49-711-7816-215 / Fax: +49-711-7816-288
Breitwiesenstr. 20-22 D-70565 Stuttgart
http://www.ra.informatik.uni-stuttgart.de/~rainer/
Reply to: