[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk

Subject: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
From: "William L. Thomson Jr." <wlt@xxxxxxxxxxxxxxxxxxxx>
Date: Thu Jul 11 11:17:01 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

On Thu, 2002-07-11 at 11:01, Jay Summers wrote:
> > The cobalt GUI seems to dislike other apache versions. I guess it would
> > be too much work in a reasonable amount of time to check all possible
> > implications of using a newer apache version so the decision to release
> > a patch to the current apache is fine IMHO. Now they will have the time
> > (and should use it) to package newer apache versions.
> 
> I've compiled newer versions of the ahttpd daemon after the recent Apache
> vulnerabilities. Currently I'm running Apache 1.3.26 for ahttpd and haven't
> noticed any issues. The GUI is still working fine. 

You did not happen to take any notes, or did you use a custom config
file? If so can you send my a copy? I use a custom config file for my
dev server and can usually upgrade Apache within a manor of minutes.

If not no big deal, but it's reassuring to know it can be done. If I
have time I may attempt this myself.

> I think William's point
> was that the version of Apache running the virtual sites has nothing to do
> with the GUI, so why not update it to a recent version if it has to be
> updated anyway.

Yes, you hit the nail on the head. Good job Daniel Sun. :)

> > On the other hand - I am still waiting for the release of PHP 4.2.1
> > which was promised some time ago ...
> 
> Currently running it with my new Apache daemon. ;)

I assume the PHP upgrade effect the regular apache daemon and the admin
one? If so do you think it's possible to disable PHP in the regular one,
and have PHP enabled only for the admin one?

As I do not use PHP, I would just assume to disable it in the regular
web server, and leave it only for the admin server. Since the GUI is PHP
based, I would further assume disabling it in the admin server will
effect the GUI.

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

References:
- Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
  - From: Jay Summers

Prev by Date: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Next by Date: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20Multiple Vulnerabilities in CDE ToolTalk
Previous by thread: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Next by thread: Re: [cobalt-developers] Fwd: CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index