RE: [TCLUG:876] SECURITY: new apache packages now available

To: tclug-list@listserv.real-time.com
Subject: RE: [TCLUG:876] SECURITY: new apache packages now available
From: Ben Kochie <ben@intexp.com>
Date: Tue, 11 Aug 1998 00:24:24 -0500 (CDT)
In-Reply-To: <19980810192509.L15881@wizard.real-time.com>
Sender: ben@MicroQ.nerp.net

yes, i saw this message, what bothers me is there seems to be no official word
from apache as to when or how they plan to release a patch.. someone said they
were still working on a proper fix.. but geez, this has been out since about 9
or 10 on friday.. i'm just glad it's not a really bad bug, and it's more
dificult to make a spoofing version of the sploit

you can also search the bugtraq archives and get the same quickfix patch code,
and apply it to your 1.3.1 servers



On 11-Aug-98 Bob Tanner wrote:
> FYI
> 
> ----- Forwarded message from Erik Troan <ewt@redhat.com> -----
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> 
>> 
>> A denial-of-service attack against the Apache web server has been found
>> which
>> lets remote sites disable your web server. This attack does not let remote
>> users gain any sort of access to your computer, nor does it let local users
>> gain any special access.
>> 
>> Red Hat recommends upgrading apache on systems which are functioning as
>> Internet servers. After installing the new apache package, be sure to
>> restart the apache server as follows:
>> 
>>      /etc/rc.d/init.d/httpd stop
>>      /etc/rc.d/init.d/httpd start
>> 
>> A fix for the Red Hat Secure Server will be available later this week.
>> 
>> Red Hat 5.0 and 5.1
>> - -------------------
>> 
>> i386:
>> rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/apache-1.2.6-5.i386.rpm
>> 
>> alpha:
>> rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/apache-1.2.6-5.alpha.rpm
>> 
>> SPARC:
>> rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/apache-1.2.6-5.sparc.rpm
>> 
>> Red Hat 4.2
>> - -------------
>> 
>> i386:
>> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/apache-1.2.5-0.1.i386.rpm
>> 
>> alpha:
>> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/apache-1.2.5-0.1.alpha.rpm
>> 
>> SPARC:
>> rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/apache-1.2.5-0.1.sparc.rpm
>> 
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: 2.6.2
>> 
>> iQCVAwUBNc+OjKUg6PHLopv5AQF4BwQAn644idqP53NXN7a6OgswjD7V5cLTFE6N
>> SB5fK1Fyswqvj11x1bxSgIXXfFZdnJcpb606XETMp99Sz7MXrEJg3423uG/vS00D
>> yVcdU1sGgJNOXAX7nRpY75siVK7qLrH3IDOVrBj3vvEvzK+pre4YviWSe7pzj4Xd
>> QLhwpCVb0UI=
>> =rzJt
>> -----END PGP SIGNATURE-----
>> 
> 
> ----- End forwarded message -----
> 
> -- 
> Bob Tanner <tanner@real-time.com>       | Phone : (612)943-8700
> http://www.real-time.com                | Fax   : (612)943-8500
> Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com

Thank You,
        Ben Kochie (ben@intexp.com)

*----------------------------*  [ - * - * - * - * - * - * - * - ]
| Unix/Linux Consulting      |  [ Haiku Error Message:          ]
|  PC/Mac Repair             |  [  Chaos reigns within.         ]
|   Networking               |  [  Reflect, repent, and reboot. ]
|                            |  [  Order shall return.          ]
| http://chef.intexp.com     |  [                               ]
*----------------------------*  [ - * - * - * - * - * - * - * - ]

References:
- SECURITY: new apache packages now available
  - From: Bob Tanner <tanner@real-time.com>

Prev by Date: Re: [TCLUG:873] kernel compile problem [update]
Next by Date: speaking of web stuff
Prev by thread: SECURITY: new apache packages now available
Next by thread: speaking of web stuff
Index(es):
- Date
- Thread