Re: apache13 security problems

From: Andrew McNaughton (andrew_at_scoop.co.nz)
Date: 06/14/04

    Date: Tue, 15 Jun 2004 02:01:26 +1200 (NZST)
    To: Mark Bojara <mark@aboutit.co.za>
    
    

    On Mon, 14 Jun 2004, Mark Bojara wrote:

    > Since this weekend new security holes in apache1.3.31 have been discovered.
    > However I have cvsupped my ports collection from both cvsup2.freebsd.org
    > and cvsup.ca.freebsd.org and there aren't any changes in the cvs tree for
    > www/apache13
    >
    > ===> apache-1.3.31_1 has known vulnerabilities:
    > >> mod_ssl stack-based buffer overflow.
    > Reference: <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488>
    > >> Please update your ports tree and try again.
    > *** Error code 1
    >
    > Does anybody have advice on how I could sort this out?

    Looking at the CVS repository, the comment on the makefile revision for
    Revision 1.151 of the Makefile says that it fixes the problem with
    mod_proxy.

    Looks like files/patch-proxy_util.c got added, and the PORTREVISION number
    updated in the Makefile. apache-1.3.31_1 or apache-1.3.31_2 (the latter is
    half an hour old) should be OK.

    Andrew McNaughton

    --
    No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
    irritation occurs, discontinue use.
    -------------------------------------------------------------------
    Andrew McNaughton           Living in a shack in Tasmania
    andrew@scoop.co.nz          Between the bush and the sea
    Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc
                                http://www.scoop.co.nz/