[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] openssl upgrade

Subject: Re: [cobalt-security] openssl upgrade
From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Sep 2002 18:56:59 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> 11) wget http://www.apache.org/dist/httpd/old/apache_1.3.20.tar.gz

Possibly not a good idea unless you want to open yourself up to the
chunked encoding attack[1], effecting all versions previous to 1.3.26.

I believe that Sun back-ported the fix into their 1.3.20 based packages,
but the date of the package on the Apache server is May, so it won't
contain any fixes.

Thanks,

John

[1] http://httpd.apache.org/info/security_bulletin_20020617.txt

Follow-Ups:
- Re: [cobalt-security] openssl upgrade
  - From: Gerald Waugh

References:
- [cobalt-security] openssl upgrade
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-security] openssl upgrade - PKG for the RaQ4 available
Next by Date: Re: [cobalt-security] openssl upgrade
Previous by thread: Re: [cobalt-security] openssl upgrade - PKG for the RaQ4 available
Next by thread: Re: [cobalt-security] openssl upgrade

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index