[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
> Hi folk,
> 
> We have some machine with testing and the version of the Apache on those
> servers is 1.3.24-3. I would like to know if this version of apache
> debian is also vulnerable. I've checked the announcement sent about the
> patch but didn't find inside the patch for this version. As the advisory
> said that Apache version 1.3.24 is still vulnerable, it worried me.

I believe it is.

If you use 32 bit machines you are 'only' vulnerable to a DoS attack,
not a real compromise of your servers.

> What should I do?

I have decided to wait a while to give the maintainers a fair chance to
make the packages.

Beware that if the maintainers are US-based they will work while you and
I are sleeping, so you might not see the updated packages in unstable
before tomorrow.

-- 
René Seindal (rene@seindal.dk)              http://www.seindal.dk/rene/
 


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: