[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Re: [cobalt-security] openssl upgrade

Subject: Re: [cobalt-developers] Re: [cobalt-security] openssl upgrade
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue Sep 17 14:51:01 2002
Organization: Front Street Networks LLC
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

On Monday 16 September 2002 13:17, John Bailey wrote:
> > 11) wget http://www.apache.org/dist/httpd/old/apache_1.3.20.tar.gz
>
> Possibly not a good idea unless you want to open yourself up to the
> chunked encoding attack[1], effecting all versions previous to 1.3.26
> I believe that Sun patched up their 1.3.20 based packages, but the date of
> the package on the Apache server is May, so it won't contain any fixes.
>

I thought we went through this a few times!
We are *NOT* installing apache_1.3.20.tar.gz 
Please read all the instructions before jumping to conclusions.

However, I do appreciate your concern

Gerald
-- 
http://frontstreetnetworks.com         http://raqware.com
Front Street Networks LLC   |  Phone: 203-785-0699
229 Front Street, Ste C, New Haven, CT 06513-3203

References:
- [cobalt-developers] openssl upgrade
  - From: Gerald Waugh
- [cobalt-developers] Re: [cobalt-security] openssl upgrade
  - From: John Bailey

Prev by Date: Re: [cobalt-developers] locate weirdness
Next by Date: Re: [cobalt-developers] Re: OpenSSL patch for Linux worm?
Previous by thread: [cobalt-developers] Re: [cobalt-security] openssl upgrade
Next by thread: Re: [cobalt-developers] openssl upgrade

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index