[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] openssl upgrade
- Subject: Re: [cobalt-security] openssl upgrade
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Sep 2002 18:56:59 +0100 (BST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> 11) wget http://www.apache.org/dist/httpd/old/apache_1.3.20.tar.gz
Possibly not a good idea unless you want to open yourself up to the
chunked encoding attack[1], effecting all versions previous to 1.3.26.
I believe that Sun back-ported the fix into their 1.3.20 based packages,
but the date of the package on the Apache server is May, so it won't
contain any fixes.
Thanks,
John
[1] http://httpd.apache.org/info/security_bulletin_20020617.txt