On Thu, Jun 20, 2002 at 01:29:04PM +1000, John wrote:
| There's now an exploit in the wild for Apache (the chunked whatever 
| bug). The DSA mentions an update which is version 1.3.9-14.1
| 
| We need a version > 1.2.12, and are running 1.3.23 from woody. Is there 
| any idea where a patched 1.3.23 for woody might be? Or should I install 
| from source from apache.org?

Woody currently has 1.3.24-3 (as does sid).  (at least, according to
the mirror I use)

Nonetheless, the DSA says it affects 64-bit architectures.  It sounds
like if you're not using a 64-bit system (eg SPARC or ia64) then you
aren't vulnerable.

<quote>
... might allow arbitrary code execution on 64 bit architectures.
</quote>

-D

-- 

A violent man entices his neighbor
and leads him down a path that is not good.
        Proverbs 16:29
 
http://dman.ddts.net/~dman/

Attachment: pgpiGdokHtzQR.pgp
Description: PGP signature

Reply via email to