Date: Tue, 15 Jun 2004 02:01:26 +1200 (NZST) From: Andrew McNaughton <andrew@scoop.co.nz> To: Mark Bojara <mark@aboutit.co.za> Cc: freebsd-isp@freebsd.org Subject: Re: apache13 security problems Message-ID: <20040615014403.M26088@a2.scoop.co.nz> In-Reply-To: <1087193170.42134.23.camel@mark.aboutit.co.za> References: <375DD163B075E34EA3C10A6286E34A545489E6@exhsto1.se.dataphone.com> <1087193170.42134.23.camel@mark.aboutit.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 14 Jun 2004, Mark Bojara wrote: > Since this weekend new security holes in apache1.3.31 have been discovered. > However I have cvsupped my ports collection from both cvsup2.freebsd.org > and cvsup.ca.freebsd.org and there arent any changes in the cvs tree for > www/apache13 > > ===> apache-1.3.31_1 has known vulnerabilities: > >> mod_ssl stack-based buffer overflow. > Reference: <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488>; > >> Please update your ports tree and try again. > *** Error code 1 > > Does anybody have advise on how I could sort this out? Looking at the CVS repository, the comment on the makefile revision for Revision 1.151 of the Makefile says that it fixes the problem with mod_proxy. Looks like files/patch-proxy_util.c got added, and the PORTREVISION number updated in the Makefile. apache-1.3.31_1 or apache-1.3.31_2 (the later is half an hour old) should be OK. Andrew McNaughton -- No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use. ------------------------------------------------------------------- Andrew McNaughton Living in a shack in Tasmania andrew@scoop.co.nz Between the bush and the sea Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc http://www.scoop.co.nz/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040615014403.M26088>