Re: Apache chunk handling vulnerability and Apache 1.3.24-3
René Seindal wrote:
>
> On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote:
> > Hi folk,
> >
> > We have some machine with testing and the version of the Apache on those
> > servers is 1.3.24-3. I would like to know if this version of apache
> > debian is also vulnerable. I've checked the announcement sent about the
> > patch but didn't find inside the patch for this version. As the advisory
> > said that Apache version 1.3.24 is still vulnerable, it worried me.
>
> I believe it is.
>
> If you use 32 bit machines you are 'only' vulnerable to a DoS attack,
> not a real compromise of your servers.
Note: Both Apache and CERT dispute that claim made by ISS that 32 bit
machines can only be DoSed.
> > What should I do?
>
> I have decided to wait a while to give the maintainers a fair chance to
> make the packages.
You could compile your own...
News is the fix is out.
http://www.theregister.co.uk/content/4/25779.html
--
| Bryan Andersen | bryan@visi.com | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| "Linux, the OS Microsoft doesn't want you to know about.". |
| -Bryan Andersen |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: