Re: CVE-2011-3192 fix for Apache 2.0.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Sep 8, 2011 at 7:56 PM,  <Bryan.Laipple@xxxxxxxxx> wrote:
> Hello,
>
> The description for security vulnerability CVE-2011-3192
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192) notes that
> it applies to Apache HTTP Server 2.0.x through 2.0.64.  A fix has been
> applied and available in the 2.2.x version, but currently there is not
> one for 2.0.x.
>
> Is 2.0.x truly vulnerable and is there an estimated time when a fix will
> be available?

2.0.x is as vulnerable as 2.2.x.

This is being discussed to some extent on the developer mailing list
(dev@xxxxxxxxxxxxxxxx).

http://httpd.apache.org/lists.html#http-dev

Check the archives for such a question earlier today.

Check the overloaded thread "[PATCH] byterange patch for 2.2.20" for
an initial, unreviewed patch for 2.0.64.




>
> Thank you,
>
> Bryan Laipple
> Software Engineer
>
> GENERAL DYNAMICS C4 Systems
> 8201 E. McDowell Road
> Scottsdale, AZ 85257
> H8175-028
> Office: 480-441-4064
> bryan.laipple@xxxxxxxxx
>
> This message and/or attachments may include information subject to GDC4S
> S.P. 1.8.6 and GD Corporate Policy 07-105 and are intended to be
> accessed only by authorized recipients. Use, storage and transmission
> are governed by General Dynamics and its policies. Contractual
> restrictions apply to third parties. Recipients should refer to the
> policies or contract to determine proper handling. Unauthorized review,
> use, disclosure or distribution is prohibited. If you are not an
> intended recipient, please contact the sender and destroy all copies of
> the original message.
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>



-- 
Born in Roswell... married an alien...

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux