Re: Is Raw Hide Apache RPM stable with RH 9?

2003-08-17 Thread bscott
On Mon, 18 Aug 2003, at 12:34am, [EMAIL PROTECTED] wrote:
> My Apache 2.0.40 / RH 9 Web server seems to have been getting DoS'd more
> frequently as of late.

  Elaborate, please.

> I thought I had the most recent packages installed, but it turns out the
> latest RPM redhat has released was for 2.0.40 ...

  Keep in mind that Red Hat, like many (most?) distro vendors, backports
security fixes into their production releases.  That helps reduce the scope
of the changes that need to be made.  Also keep in mind that bugs may be
discovered in Apache that only affect certain configurations, and Red Hat's
packages may be configured in such a way that they are not affected.

  That being said...

  It appears that the current Red Hat production release for RHL 9 is
2.0.40-21.3.  From the information in the RHSA-2003:186-06 advisory[1], I
conclude that release contains fixes up through Apache httpd 2.0.46, but no
later.  The Apache website[2] leads me to believe that several
vulnerabilities are present in 2.0.46 which Red Hat release 2.0.40-21.3
might be vulnerable to.

  *That* being said...

  CAN-2003-0192 - It appears this would only affect you if you are using the
"SSLCipherSuite" directive, and the worst exposure would be a weaker SSL
cipher being chosen.

  CAN-2003-0254 - It appears this would only affect you if you are using
Apache as an HTTP proxy, and connecting to an IPv6 FTP site via said proxy.

  CAN-2003-0253 - It appears this would only affect you if you have multiple
listening sockets configured in Apache. [3]

  VU#379828 - I could not find any documentation on this issue.  Even the
CERT Vulnerability database does not have that VU# on file (not publicly,
anyway).  Thus, I cannot make an analysis.

  All in all, I would say running the latest RHL 9 production release should
be safe, EXCEPT for the VU#379828 mystery bug.  What little information I
could find on that one certainly makes it sound like it would be exploitable 
for DoS.

Footnotes
---------
[1] https://rhn.redhat.com/errata/RHSA-2003-186.html
[2] http://www.apache.org/dist/httpd/Announcement2.html
[3] http://www.apacheweek.com/features/security-20

-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.  |


___
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
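
Added example (not part of the original thread, and not Red Hat's or Apache's own tooling): a small shell triage for the three advisories analysed in the message above. It checks an httpd config for each stated precondition, then checks saved package changelog text for the advisory ID. The function names `preconditions` and `triage`, the status strings, and the sample config and changelog are constructed for illustration.

```shell
# Added example, not from the thread. Sample config and changelog are constructed.

# preconditions CONF: print the advisory IDs whose precondition, as described
# in the message above, is present in an httpd config file (heuristic match).
preconditions() {
    # Drop comment and blank lines so disabled directives do not count.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$1" || true)
    printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*SSLCipherSuite[[:space:]]' \
        && echo CAN-2003-0192
    printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*ProxyRequests[[:space:]]+On' \
        && echo CAN-2003-0254
    n=$(printf '%s\n' "$active" | grep -Eic '^[[:space:]]*Listen[[:space:]]' || true)
    [ "$n" -gt 1 ] && echo CAN-2003-0253
    return 0
}

# triage CONF CHANGELOG: for each advisory whose precondition is present, report
# whether the package changelog text names that ID (i.e. a backported fix).
# On a real host CHANGELOG would be saved from: rpm -q --changelog httpd
triage() {
    for id in $(preconditions "$1"); do
        if grep -Fq "$id" "$2"; then
            echo "$id exposed-config backport-listed"
        else
            echo "$id exposed-config no-changelog-entry"
        fi
    done
}

d=$(mktemp -d)
cat > "$d/httpd.conf" <<'EOF'
# constructed sample: two listeners, SSL cipher line commented out, no proxy
Listen 80
Listen 8080
# SSLCipherSuite HIGH:MEDIUM
ProxyRequests Off
EOF
cat > "$d/changelog.txt" <<'EOF'
* Mon Jan 01 2001 Packager <packager@example.invalid> 0.0.0-1
- constructed entry: add security fix for CAN-2003-0192
EOF
triage "$d/httpd.conf" "$d/changelog.txt"
```

A "no-changelog-entry" result only means the ID is not named in the changelog text; the vendor advisory remains the authoritative record of what a release fixes.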


Re: Is Raw Hide Apache RPM stable with RH 9?

2003-08-17 Thread Scott Garman
On Mon, 2003-08-18 at 00:34, Greg Bonnette wrote:
> My Apache 2.0.40 / RH 9 Web server seems to have been getting DoS’d
> more frequently as of late. I thought I had the most recent packages
> installed, but it turns out the latest RPM redhat has released was for
> 2.0.40, and the current release is 2.0.47. I searched rpmfind.net as
> usual and found an apache 2.0.47 rpm for the developmental Raw Hide
> release. Has anyone upgraded their RH 9 apache packages with this
> rawhide rpm? I know my other option is to remove the old package and
> install the latest version the old fashioned way, but I like the
> convenience of the RPM’s. If only up2date was actually up to date.
> Thanks

RedHat generally "backports" security patches to work with their
supported versions of packages if they don't want to offer the latest
version. This is especially true for packages such as apache and the
kernel.

If it's the case that the latest official update RPM for RH 9
(httpd-2.0.40-11.5) is vulnerable to a known DoS exploit, then I believe
RedHat is either working on releasing a new update or the exploit is
brand new and the 2.0.47 release is probably vulnerable to it as well. 

Rawhide RPMs are definitely *not* to be used on production systems, and
I wouldn't recommend it unless you're desperate. 

Scott

-- 
Scott A. Garman                      Unix System Administrator
sgarman at einstein dot unh dot edu  UNH Nuclear Physics Group



Is Raw Hide Apache RPM stable with RH 9?

2003-08-17 Thread Greg Bonnette








My Apache 2.0.40 / RH 9 Web server seems to have been getting DoS’d more
frequently as of late. I thought I had the most recent packages installed,
but it turns out the latest RPM redhat has released was for 2.0.40, and the
current release is 2.0.47. I searched rpmfind.net as usual and found an
apache 2.0.47 rpm for the developmental Raw Hide release. Has anyone upgraded
their RH 9 apache packages with this rawhide rpm? I know my other option is
to remove the old package and install the latest version the old fashioned
way, but I like the convenience of the RPM’s. If only up2date was actually
up to date. Thanks

-Greg








Need to make my thumb button on my mouse do a Back

2003-08-17 Thread Steven W. Orr
I've looked everywhere and I can't find the answer. I'm hoping someone 
here might know how to do this.

Running Red Hat 9 and Mozilla 1.4b

I got my thumb button working as Button6 on my Logitech Cordless
Mouseman Wheel. Now I just need to know how to hook up the thumb
button to the Back function. Is there a way to do this key definition
for a mouse button under Mozilla?

Very grateful. TIA

-- 
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question?
steveo at syslang.net


Re: Converting a mailbox

2003-08-17 Thread Jefferson Kirkland
Tom Buskey wrote:

>> I was reading an article on another mailing list online that was talking
>> about converting between their mailer(yahoo) and an mbox format and
>> that got me to thinking.  Is there any way to convert from the hotmail
>> format to an mbox format?  I did a google search but have thus far
>> found nothing.  I figured I would query the combined knowledge of the
>> group to see what I could come up with.  So, does anyone here know of a
>> way to download your hotmail mail and convert it to an mbox format?
>
> Look on http://freshmeat.net.  I think I've seen a number of tools that
> pull your mail off hotmail.

You know, I tend to forget to look there.  Thanks for the reply!

Regards,

Jeff



Re: Converting a mailbox

2003-08-17 Thread Tom Buskey
> I was reading an article on another mailing list online that was talking
>  about converting between their mailer(yahoo) and an mbox format and
> that  got me to thinking.  Is there any way to convert from the hotmail
> format  to an mbox format?   I did a google search but have thus far
> found  nothing.  I figured I would query the combined knowledge of the
> group to  see what I could come up with.  So, does anyone here know of a
> way to  download your hotmail mail and convert it to an mbox format?
>

Look on http://freshmeat.net.  I think I've seen a number of tools that
pull your mail off hotmail.




Converting a mailbox

2003-08-17 Thread Jefferson Kirkland
I was reading an article on another mailing list online that was talking 
about converting between their mailer(yahoo) and an mbox format and that 
got me to thinking.  Is there any way to convert from the hotmail format 
to an mbox format?   I did a google search but have thus far found 
nothing.  I figured I would query the combined knowledge of the group to 
see what I could come up with.  So, does anyone here know of a way to 
download your hotmail mail and convert it to an mbox format?

Regards,

Jeff


