View previous topic :: View next topic |
Author |
Message |
-- Thor -- n00b
Joined: 31 Aug 2002 Posts: 49
|
Posted: Sat Oct 05, 2002 6:24 pm Post subject: Apache 1.3.27 |
|
|
Hi,
The following bugs were addressed in apache 1.3.27: (from apache.org)
Quote: |
The main security vulnerabilities addressed in 1.3.27 are:
* Fix the security vulnerability noted in CAN-2002-0839 (cve.mitre.org) regarding ownership permissions of System V shared memory based scoreboards. The fix resulted in the new ShmemUIDisUser directive.
* Fix the security vulnerability noted in CAN-2002-0840 (cve.mitre.org) regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS.
* Fix the security vulnerability noted in CAN-2002-0843 (cve.mitre.org) regarding some possible overflows in ab.c which could be exploited by a malicious server.
|
I do not use wildcard DNS, however I am not real sure about the other two -- an apache guru I am not. Any insights as to the necessity of upgrading would be appreciated.
Regards,
Jeff |
|
Back to top |
|
|
mglauche Retired Dev
Joined: 25 Apr 2002 Posts: 564 Location: Germany
|
Posted: Sun Oct 06, 2002 8:59 am Post subject: |
|
|
from what i've heared they are pretty minor bugs, no real security threads, but i'm sure they get fixed in the next round of ebuilds |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|