apache13 security problems
Andrew McNaughton
andrew at scoop.co.nz
Mon Jun 14 14:02:34 GMT 2004
On Mon, 14 Jun 2004, Mark Bojara wrote:
> Since this weekend new security holes in apache1.3.31 have been discovered.
> However I have cvsupped my ports collection from both cvsup2.freebsd.org
> and cvsup.ca.freebsd.org and there arent any changes in the cvs tree for
> www/apache13
>
> ===> apache-1.3.31_1 has known vulnerabilities:
> >> mod_ssl stack-based buffer overflow.
> Reference: <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0488>
> >> Please update your ports tree and try again.
> *** Error code 1
>
> Does anybody have advise on how I could sort this out?
Looking at the CVS repository, the comment on the makefile revision for
Revision 1.151 of the Makefile says that it fixes the problem with
mod_proxy.
Looks like files/patch-proxy_util.c got added, and the PORTREVISION number
updated in the Makefile. apache-1.3.31_1 or apache-1.3.31_2 (the later is
half an hour old) should be OK.
Andrew McNaughton
--
No added Sugar. Not tested on animals. May contain traces of Nuts. If
irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton Living in a shack in Tasmania
andrew at scoop.co.nz Between the bush and the sea
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
http://www.scoop.co.nz/
More information about the freebsd-isp
mailing list