[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Security: Denial of Service Update 2.5

Subject: [cobalt-security] Security: Denial of Service Update 2.5
From: Malcolm McLeary <mmcleary@xxxxxxx>
Date: Sun, 15 Oct 2000 12:07:45 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

From: "James Hoaggs" <james_hoaggs@xxxxxxxxxx>
Date: Sat, 14 Oct 2000 10:08:06 -0700
To: mmcleary@xxxxxxx
Subject: Security: Denial of Service Update 2.5

Has anyone installed this on Raqs or Qubes and is it recommended :

SSL-related Upgrades:

Security: Denial of Service Update 2.5 This security update fixes a denial
of service(DoS) attack problem with Apache. Using a bug in the HTTP headers,
anyone can call certain urls, that will result in Apache 1.3.3 consuming
all system resources. This DoS attack can affect any Apache 1.3.3 web
server. Applies only to Apache 1.3.3, Apache 1.3.1 is not vulnerable
to this type of attack. Installing this update will eliminate the
vulnerability
to DoS attack. 
This package is based on Cobalt Networks package but only updates the
Web-server not the adminserver as the one we deliver is based on 1.3.4
and not vulnerable to this DoS problem.

Qube2-Security-2.5-brosoft.pkg

http://www.brosoft.net/en/

Cheers,
James

-- 
James Hoaggs
james_hoaggs@xxxxxxxxxx - email
(408) 380-2271 x8024 - voicemail/fax

Prev by Date: RE: [cobalt-security] 'proftpd-inetd appears to be from newer ver sion' message (x-posted)
Next by Date: RE: [cobalt-security] Open SSL
Previous by thread: [cobalt-security] Some one is changing a user password
Next by thread: [cobalt-security] URGENT!!

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index