Any news on this issue? Ayelet Regev-Dabah System Software Platform TL Comverse Office: +972 3 6459362 ayelet.regev@xxxxxxxxxxxx www.comverse.com -----Original Message----- From: Regev Ayelet [mailto:Ayelet.Regev@xxxxxxxxxxxx] Sent: Sunday, September 30, 2012 4:08 PM To: users@xxxxxxxxxxxxxxxx Subject: RE: availability of httpd 2.0.65 In this link: http://wiki.apache.org/httpd/CVE-2011-3192 FIX ==== This vulnerability has been fixed in release 2.2.20 and further corrected in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the legacy 2.0.65 release, once this is published (anticipated in September). If you cannot upgrade, or cannot wait to upgrade - you can apply the appropriate source code patch and recompile a recent existing version; http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ (for 2.2.9 - .14) http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/ (for 2.2.15 - .19) http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/ (for 2.0.55 - .64) If you cannot upgrade and/or cannot apply above patches in a timely manner then you should consider to apply one or more of the mitigation suggested below. Ayelet Regev-Dabah System Software Platform TL Comverse Office: +972 3 6459362 ayelet.regev@xxxxxxxxxxxx www.comverse.com -----Original Message----- From: Eric Covener [mailto:covener@xxxxxxxxx] Sent: Sunday, September 30, 2012 4:05 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: availability of httpd 2.0.65 On Sun, Sep 30, 2012 at 9:56 AM, Regev Ayelet <Ayelet.Regev@xxxxxxxxxxxx> wrote: > Hi All, > > According to apache.org , httpd 2.0.65 suppose to be released during > September. > Does anyone have updates on this issue? > I tried to install the patch, but my security system still claim there is a > security bug… > Where do you see a date listed for 2.0.65? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx “This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Technology or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security@xxxxxxxxxxxx. Thank You.” --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx “This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Technology or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security@xxxxxxxxxxxx. Thank You.” --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|