Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Jun 2002 01:43:19 -0700 (PDT)
From:      Lamont Granquist <lamont@scriptkiddie.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Frank Mayhar <frank@exit.com>, Patrick Thomas <root@utility.clubscholarship.com>, <freebsd-hackers@FreeBSD.ORG>
Subject:   Re: inuring FreeBSD to the apache bug without upgrading apache ?
Message-ID:  <20020621014218.R933-100000@coredump.scriptkiddie.org>
In-Reply-To: <20020621004953.A80059@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help


On Fri, 21 Jun 2002, Kris Kennaway wrote:
> On Thu, Jun 20, 2002 at 07:33:54PM -0700, Frank Mayhar wrote:
> > Kris Kennaway wrote:
> > > Surely it's easier to just upgrade the apache port, instead of
> > > recompiling your kernel and the entire OS.
> >
> > Not always.  (I'm running an old version of Covalent Raven SSL and I'm
> > loathe to upgrade.  "If it works, don't fix it" and there are only so
> > many hours in a day.)
>
> The exact same argument can be made for not upgrading the OS, which is
> a much larger endeavour and can potentially screw things up much
> worse.

You can just patch the running version of apache with the diffs that fix
the security hole.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020621014218.R933-100000>