[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] openssl upgrade

Subject: Re: [cobalt-security] openssl upgrade
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Sep 2002 13:57:06 -0400 (EDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 16 Sep 2002, John Bailey wrote:

> > 11) wget http://www.apache.org/dist/httpd/old/apache_1.3.20.tar.gz
>
> Possibly not a good idea unless you want to open yourself up to the
> chunked encoding attack[1], effecting all versions previous to 1.3.26.
>
> I believe that Sun back-ported the fix into their 1.3.20 based packages,
> but the date of the package on the Apache server is May, so it won't
> contain any fixes.
>

We don't install  it,
Its only used so mod_ssl can compile


Gerald
--
http://frontstreetnetworks.com | http://raqware.com
229 Front Street, Ste. C, New Haven, CT. 06513-3203
Phone: +1 203-785-0699

Follow-Ups:
- Re: [cobalt-security] openssl upgrade
  - From: John Bailey

References:
- Re: [cobalt-security] openssl upgrade
  - From: John Bailey

Prev by Date: Re: [cobalt-security] openssl upgrade
Next by Date: Re: [cobalt-security] openssl upgrade - PKG for the RaQ4 available
Previous by thread: Re: [cobalt-security] openssl upgrade
Next by thread: Re: [cobalt-security] openssl upgrade

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index