-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jesse Keating wrote: > > James, what is in your package that we haven't included in our Apache? > I was under the assumption that we had fixed all the CVEs related to the > slapper worm and that our users were safe. If this isn't the case, we > have a severe problem and need to fix this immediately. > > > > ------------------------------------------------------------------------ Jesse, Hi. I think it was fixed with the updates to perl by the update. But, that said, he could have a WebAdmin install that makes him vulnerable again. My version takes care of the mod_ssl issue he already disabled. FC1 doesn't have a fix or if so it hasn't gone through QA yet. My version does add the mod_security module to Apache which should help with this and other worms that try to access via this type of method. James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD1VSAkNLDmnu1kSkRAuV5AJ4tHYj1a7HHknypuE0F0UhJyYDL7QCeKHDq DB1v27kblhsQGeIJdpyGEjI= =ywd9 -----END PGP SIGNATURE----- -- Scanned by ClamAV - http://www.clamav.net -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
