Re: Apache chunk handling vulnerability and Apache 1.3.24-3
On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
> Hi folk,
>
> We have some machine with testing and the version of the Apache on those
> servers is 1.3.24-3. I would like to know if this version of apache
> debian is also vulnerable. I've checked the announcement sent about the
> patch but didn't find inside the patch for this version. As the advisory
> said that Apache version 1.3.24 is still vulnerable, it worried me.
I believe it is.
If you use 32 bit machines you are 'only' vulnerable to a DoS attack,
not a real compromise of your servers.
> What should I do?
I have decided to wait a while to give the maintainers a fair chance to
make the packages.
Beware that if the maintainers are US-based they will work while you and
I are sleeping, so you might not see the updated packages in unstable
before tomorrow.
--
René Seindal (rene@seindal.dk) http://www.seindal.dk/rene/
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: