apache2 port

From: Eli Dart (dart_at_nersc.gov)
Date: 09/30/04

  • Next message: Peter C. Lai: "Re: apache2 port"
    To: freebsd-security@freebsd.org
    Date: Thu, 30 Sep 2004 13:45:16 -0700
    
    
    

    Hi all,

    There has been another vulnerability [1] discovered in apache2. This
    affects only version 2.0.51 (where it was introduced). The ports
    tree is frozen, pending 5.3-R, so I assume that an update of the
    apache2 port to 2.0.52 is not forthcoming any time soon.

    The question is this -- since the apache2 in the ports tree is 2.0.50
    plus patches, does the version in the ports tree have this
    vulnerability? It seems that it only would if the patches to 2.0.50
    introduced the vulnerability... Does anyone know?

    Thanks!

                    --eli

    
    


