[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
- Subject: Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 22 Jun 2002 01:45:36 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi All,
> Please give us some info Sun/Cobalt, this is very urgent as exploit code is
> out in the wild.
I'm not usually one to jump to criticise, but I must admit I'm
dissapointed in the response here - I've watched vendor notifications
trickle in from many major distributions (Redat, SuSE, etc), but nothing
for the RaQ. I appreciate that items released in haste (eg. IIS's Apache
patch!) are prone to mistakes and that quality needs to be ensured, but at
least having a date to expect a patch would be good.
Personally, I got tired of waiting and upgraded from source last night.
My philosophy is get a fixed version on there now and worry about packages
later.
<cheap shot, not really intended at Sun/Cobalt staff [1]>
I also noticed that the Cobalt Support Downloads page has now been updated
so that it re-directs to SunSolve - does integrating the web-sites get
priority over releasing security fixes?
</cheap shot>
Regards,
John
[1] Playing devil's advocate here really as I also noticed that there's a
new Security Bundle released on the 18th and that the people responsible
for releasing security fixes probably arn't the same as those merging the
web sites.