In this link: http://wiki.apache.org/httpd/CVE-2011-3192
FIX ==== This vulnerability has been fixed in release 2.2.20 and further corrected in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the legacy 2.0.65 release, once this is published (anticipated in September). If you cannot upgrade, or cannot wait to upgrade - you can apply the appropriate source code patch and recompile a recent existing version; http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ (for 2.2.9 - .14) http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/ (for 2.2.15 - .19) http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/ (for 2.0.55 - .64) If you cannot upgrade and/or cannot apply above patches in a timely manner then you should consider to apply one or more of the mitigation suggested below. Ayelet Regev-Dabah System Software Platform TL Comverse Office: +972 3 6459362 [email protected] www.comverse.com -----Original Message----- From: Eric Covener [mailto:[email protected]] Sent: Sunday, September 30, 2012 4:05 PM To: [email protected] Subject: Re: [users@httpd] availability of httpd 2.0.65 On Sun, Sep 30, 2012 at 9:56 AM, Regev Ayelet <[email protected]> wrote: > Hi All, > > According to apache.org , httpd 2.0.65 suppose to be released during > September. > Does anyone have updates on this issue? > I tried to install the patch, but my security system still claim there is a > security bug… > Where do you see a date listed for 2.0.65? --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] “This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Technology or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: [email protected]. Thank You.” --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
