From owner-freebsd-security  Tue Jun 18  8:13:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from goanga.com (goanga.com [193.231.240.30])
	by hub.freebsd.org (Postfix) with ESMTP id 26FFE37B40D
	for <security@FreeBSD.ORG>; Tue, 18 Jun 2002 08:13:10 -0700 (PDT)
Received: from abc.ro (goanga.com [193.231.240.30])
	by goanga.com (8.11.3/8.11.3) with ESMTP id g5IFD4B24825
	for <security@FreeBSD.ORG>; Tue, 18 Jun 2002 18:13:07 +0300 (EEST)
	(envelope-from andrei@abc.ro)
Message-ID: <3D0F4DFF.4ABEE1FB@abc.ro>
Date: Tue, 18 Jun 2002 18:13:03 +0300
From: ANdrei <andrei@abc.ro>
Organization: Cronon AG - tech department
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: de, ro, en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: Apache issues
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

have a few questions:

1) anyone heard anything about a worm/exploit for FreeBSD primarly, and
other systems, taking advantage of the new Apache bug?

2) is FreeBSD considered to be a possible target? as far as i
understood, it shouldn't be vulnerable... and if, does the bug exist in
Apache2 too?

3) anyone knows if the ports have the new fixed version? as far as i
understood, apache didn't release a fix till now... maybe we should have
at least the port "closed" till the fix is out... keep in mind that lots
of people do NOT read security lists (i know plenty of them), but they
upgrade packages on a regular basis... they could install the "new"
apache today, and then not worry like 2 months, though they did the
update just one day before the patch was released...
Of course, if the port was already frozen, i apologise for this last
comment... haven't checked it :)


tks,
ANdrei

-- 
----------------------------------[ http://www.goanga.com ]--
                                             
     Never take life seriously.             _     _
   Nobody gets out alive anyway.          o' \.=./ `o   
                                             (o o)
-----------------------------------------ooO--(_)--Ooo-------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message