Andrew Robert Nicols wrote:
We've been running SGD for about 2 years. In that time I've not seen a
single patch on the Sun website relating to any Apache vulnerabilities.
A patch was released yesterday for Apache2 relating to APR and a remote
code execution. I've downloaded the latest version of Apache 2.2 and tried
to compile on my SGD server (Running Sol 10u6) to no avail.
CVE is http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412
Can anyone shed some light on:
a) how they keep their SGD service secured and up-to-date; and
b) how they've patched Apache for this vulnerability.
hi Andrew,
i see no official "Sun Alert" available as of yet:
http://search.sun.com/main/index.jsp?col=main-support-sunalerts&oneof=security&nh=100&rf=1&type=advanced&optstat=true
i guess there should be a sun alert regarding this issue soon and maybe
we'll see new sgd build that has the fix for this apr/apu vulnerability.
sun choose not to maintain the secure global desktop product using the
standard patch mechanisms, instead they release new builds of the
product that containing bug fixes, new features etc.
greetings,
Stoyan
_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
