AW: DSA 131: Apache Vulnerability

2002-06-21 Thread Marcel Weber 
Hi

Good you mentioned it. All my boxes are behind firewalls. For the building
from source, yes I know, it's a good idea to do this. The point is, I'm
doing this on systems that are only maintained by myself, one system is even
a linux box running a very own distribution, all built from source. But
there are some systems that are running in companies where I'm rather having
a job as a consultant and specialist. So the setup should be easy and
maintainable for the local administrators (They're all new to linux and
freightened by the command line ;-)

Have a nice day!

Marcel


PS: I put the 1.3.26 packages on my woody boxes. It's running perfectly even
with some self built modules (tomcat 4.0.1, etc.). There is just a
dependency conflict in dselect with libapache-mod-perl, that instists that
apache-commmon should be 1.3.25. However, even libapache-mod-perl is
running smoothly with 1.3.26.






PGP / GPG Key:http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc

 -Ursprungliche Nachricht-
 Von: Arthur H. Johnson II [mailto:[EMAIL PROTECTED] Auftrag
 von Arthur H. Johnson II
 Gesendet: Freitag, 21. Juni 2002 02:49
 An: Marcel Weber
 Cc: debian-testing@lists.debian.org; debian-security@lists.debian.org
 Betreff: Re: DSA 131: Apache Vulnerability



 I have two relative policies:

 1. Always use a firewall to filter out everything but what is absolutely
 necessary, ie web, email, etc.

 2. Always build stuff filtered to the internet from source that way when a
 vulnerability is released, you can update it rather quickly, no matter
 what the distro you are running is.



 --
 Arthur H. Johnson II, Debian GNU/Linux Advocate
 Catechist, St John Catholic Church, Davison MI USA
 President, Genesee County Linux Users Group

 IRC:  [EMAIL PROTECTED],#debian
 YIM:  arthurjohnson
 AIM:  bytor4232
 ICQ:  31770438

 On Thu, 20 Jun 2002, Marcel Weber wrote:

  Hi there
 
  I got a little question, a bit silly perhaps. When will there be any
  packages of Apache 1.3.26 or a backported patch for 1.3.24 for
 woody? Will
  it be in the next time or would it make sense to upgrade by hand, say by
  compiling one's own binaries. Well yes I know, that there is
 some testing
  going on of the new security infrastructure for woody, etc. But
 shame on me,
  I have some woody systems running in a productive environment...
 
  Marcel
 
 
 


 --
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact
 [EMAIL PROTECTED]





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

AW: DSA 131: Apache Vulnerability

2002-06-20 Thread Marcel Weber 
Cool, thank you all!

Marcel

-Ursprungliche Nachricht-
Von: Vincent Renardias [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 20. Juni 2002 20:51
An: Marcel Weber
Cc: debian-testing@lists.debian.org; debian-security@lists.debian.org
Betreff: Re: DSA 131: Apache Vulnerability



On Thu, 20 Jun 2002, Marcel Weber wrote:

 Hi there

 I got a little question, a bit silly perhaps. When will there be any
 packages of Apache 1.3.26 or a backported patch for 1.3.24 for woody? Will
 it be in the next time or would it make sense to upgrade by hand, say by
 compiling one's own binaries. Well yes I know, that there is some testing
 going on of the new security infrastructure for woody, etc. But shame on
me,
 I have some woody systems running in a productive environment...

On http://www.renardias.com/debian/ you'll find:
- my unofficial fixed 1.3.24 version.
- the official 1.3.26 Debian packages from Matthew Wilcox that are
currently propagating on FTP mirrors.

Cordialement,

--
Vincent RENARDIAS
Directeur Technique
StrongHoldNET / http://www.strongholdnet.com


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact
[EMAIL PROTECTED]




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]