Re: Apache update from SuSE ??

From: Seth Arnold (sarnold@wirex.com)
Date: 07/03/02


Date: Wed, 3 Jul 2002 10:14:40 -0700
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com


On Mon, Jul 01, 2002 at 09:44:13AM +0200, Felix Seeger wrote:
> I've downloaded an apache update from SuSE. It is for SuSE Linux 7.0.
> The version of apache is 1.3.19.
>
> Is this the right version against the new apache worm ?
> Is this a special SuSE patched version ?

It is _very_ common among distributions to patch their existing packages
with fixes for only security vulnerabilities. Distributions normally put
notes in the package changelogs, which can be read with: rpm -q
--changelog -p /path/to/package/file. (Sorry, I never figured out how to
read Debian package changelogs. The dpkg manpage will tell you how, if
you are curious.)

The rationale is to avoid large code changes that might provide
difficulties for users who are currently using existing packages without
problem. (Large changes are more likely to introduce bugs than small
changes.)

It _does_ make life difficult for end users, who can't just check the
version of apache installed on all their machines, but it does have its
upsides.

I hope this explanation has provided some insight into the wacky world
of distributions...

-- 
http://immunix.org/
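
The changelog check described in the message above, as an added example that is not part of the original post: because distributions backport fixes without bumping the upstream version, the script looks for an advisory identifier in the package changelog instead of comparing version numbers. The function names, the sample changelog and the identifier CVE-0000-0000 are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide from an rpm changelog whether a fix was backported.
# CVE-0000-0000 is a constructed placeholder, not a real advisory id.

# fix_entries ID: read changelog text on stdin and print every entry that
# mentions ID (case-insensitive). rpm entries start with a "* <date>" line.
fix_entries() {
    awk -v id="$1" '
        function emit() { if (hit) printf "%s", entry; entry = ""; hit = 0 }
        /^\* /  { emit() }
                { entry = entry $0 "\n"
                  if (index(toupper($0), toupper(id))) hit = 1 }
        END     { emit() }
    '
}

# has_fix ID: exit 0 if the changelog on stdin mentions ID, 1 otherwise.
has_fix() {
    [ -n "$(fix_entries "$1")" ]
}

# check_pkg ID PACKAGE: PACKAGE is an installed package name or a .rpm file.
check_pkg() {
    if [ -f "$2" ]; then
        rpm -q --changelog -p "$2" | has_fix "$1"
    else
        rpm -q --changelog "$2" | has_fix "$1"
    fi
}

# Constructed changelog: the version stays at 1.3.19, the fix is backported.
sample_changelog() {
cat <<'EOF'
* Wed Jun 19 2002 - packager@example.org
- security fix backported: CVE-0000-0000 (constructed id)
- no change to the upstream version number
* Mon Mar 05 2001 - packager@example.org
- update to 1.3.19
EOF
}

# Demo on the constructed data: prints only the entry carrying the fix.
sample_changelog | fix_entries CVE-0000-0000
```

On a real host, `check_pkg <advisory-id> apache` returns 0 only when the installed package's changelog names that advisory; a changelog that omits the identifier does not prove the fix is absent, so confirm against the vendor's advisory.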



