[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] Re: [cobalt-security] openssl upgrade

Subject: [cobalt-developers] Re: [cobalt-security] openssl upgrade
From: "John Bailey" <john@xxxxxxxxxxxxxxxxxxxx>
Date: Tue Sep 17 14:39:19 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

> 11) wget http://www.apache.org/dist/httpd/old/apache_1.3.20.tar.gz

Possibly not a good idea unless you want to open yourself up to the
chunked encoding attack[1], effecting all versions previous to 1.3.26
I believe that Sun patched up their 1.3.20 based packages, but the date of
the package on the Apache server is May, so it won't contain any fixes.

Thanks,

John

[1] http://httpd.apache.org/info/security_bulletin_20020617.txt

Follow-Ups:
- Re: [cobalt-developers] Re: [cobalt-security] openssl upgrade
  - From: Gerald Waugh

References:
- [cobalt-developers] openssl upgrade
  - From: Gerald Waugh

Prev by Date: [cobalt-developers] openssl upgrade
Next by Date: Re: [cobalt-developers] Re: OpenSSL patch for Linux worm?
Previous by thread: [cobalt-developers] openssl upgrade
Next by thread: Re: [cobalt-developers] Re: [cobalt-security] openssl upgrade

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index