Re: Attempts to push spam through apache

From: David Benfell (benfell_at_parts-unknown.org)
Date: 08/23/04

  • Next message: Jan Knutar: "Re: Attempts to push spam through apache"
    Date: Sun, 22 Aug 2004 23:02:59 -0700
    To: focus-linux@securityfocus.com
    
    

    On Sat, 21 Aug 2004 23:51:47 -0500, Gabriel Orozco wrote:
    >
    > I know there are other, newer apache versions, but SuSE doesn't have them. I
    > disabled apache until the client authorizes the fix proposed (upgrade from
    > sources).
    >
    SuSE, and other distributors, commonly preserve the version number of
    software even as they patch the versions they offer to fix
    vulnerabilities. It's a headache because it means you have to look at
    their README files and other documentation to see if they've fixed the
    vulnerabilities you're looking for.

    But apparently, it avoids breaking their package management systems.

    -- 
    David Benfell, LCP
    benfell@parts-unknown.org
    ---
    Resume available at http://www.parts-unknown.org/resume.html
    

  • Next message: Jan Knutar: "Re: Attempts to push spam through apache"