[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Apache & SSL Update 2.0.1

Subject: [cobalt-security] Apache & SSL Update 2.0.1
From: Alan MacDonald <webmaster@xxxxxxxxxxxxxxx>
Date: Wed, 02 Oct 2002 12:17:36 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

Onhttp://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45509&zone_32=category%3Asecurity,(Sun Cobalt "mod_ssl" ("apache-openssl-1.3.x") May Allow Local AccountCompromise) the workaround is to disallow per-directory configuration filesby only having "AllowOverride None" directives in your "httpd.conf" file.it also says Note: If ".htaccess" files are used to control access torestricted areas of web sites, these areas will become UNPROTECTED by thisaction.This info is referenced in thehttp://sunsolve.sun.com/patches/cobalt/raq4.eng.html entry for the patch.

I use .htaccess files to control access - will this patch clobber that?

rgds

Alan MacDonald
--
Webmaster - aceposition.com
webmaster@xxxxxxxxxxxxxxx
+353 51 855 939

Follow-Ups:
- Re: [cobalt-security] Apache & SSL Update 2.0.1
  - From: Jaana Jarve

Prev by Date: Re: [cobalt-security] solarspeed openssl package
Next by Date: Re: [cobalt-security] solarspeed openssl package
Previous by thread: Re: [cobalt-security] security patches
Next by thread: Re: [cobalt-security] Apache & SSL Update 2.0.1

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index