Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk

[David Lucas <david@xxxxxxxxxxxxxxxx>]

At 01:01 PM 7/11/2002, you wrote:
> > The cobalt GUI seems to dislike other apache versions. I guess it would
> > be too much work in a reasonable amount of time to check all possible
> > implications of using a newer apache version so the decision to release
> > a patch to the current apache is fine IMHO. Now they will have the time
> > (and should use it) to package newer apache versions.
>
> I've compiled newer versions of the ahttpd daemon after the recent Apache
> vulnerabilities. Currently I'm running Apache 1.3.26 for ahttpd and haven't
> noticed any issues. The GUI is still working fine. I think William's point
> was that the version of Apache running the virtual sites has nothing to do
> with the GUI, so why not update it to a recent version if it has to be
> updated anyway.
>
> > On the other hand - I am still waiting for the release of PHP 4.2.1
> > which was promised some time ago ...
>
> Currently running it with my new Apache daemon. ;)


The Cobalt Raq appliance is for all of us that want an appliance.  If you 
do not need an appliance, by all means upgrade all you want.  For the rest 
of us, Cobalt is keeping a restricted system to try and keep us safe and 
secure.  I know, the box is not safe and secure without adding other things 
and turning off a few others.  But, the operating system as shipped, used 
to be Red Hat 6.2, but Cobalt removed some things and modified 
others.  With doing this, it is much more complicated upgrading the modules 
than fixing them.  If it is not acceptable to you, do it yourself or buy 
another product.