Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Apache 1.3.27
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
-- Thor --
n00b
n00b


Joined: 31 Aug 2002
Posts: 49

PostPosted: Sat Oct 05, 2002 6:24 pm    Post subject: Apache 1.3.27 Reply with quote

Hi,

The following bugs were addressed in apache 1.3.27: (from apache.org)
Quote:

The main security vulnerabilities addressed in 1.3.27 are:

* Fix the security vulnerability noted in CAN-2002-0839 (cve.mitre.org) regarding ownership permissions of System V shared memory based scoreboards. The fix resulted in the new ShmemUIDisUser directive.
* Fix the security vulnerability noted in CAN-2002-0840 (cve.mitre.org) regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS.
* Fix the security vulnerability noted in CAN-2002-0843 (cve.mitre.org) regarding some possible overflows in ab.c which could be exploited by a malicious server.


I do not use wildcard DNS, however I am not real sure about the other two -- an apache guru I am not. Any insights as to the necessity of upgrading would be appreciated.

Regards,

Jeff
Back to top
View user's profile Send private message
mglauche
Retired Dev
Retired Dev


Joined: 25 Apr 2002
Posts: 564
Location: Germany

PostPosted: Sun Oct 06, 2002 8:59 am    Post subject: Reply with quote

from what i've heared they are pretty minor bugs, no real security threads, but i'm sure they get fixed in the next round of ebuilds :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum