On Wed, Aug 31, 2011 at 08:28:20PM +0200, Reindl Harald wrote: > > > Am 31.08.2011 19:31, schrieb Paul W. Frields: > > On Wed, Aug 31, 2011 at 05:39:14PM +0200, Reindl Harald wrote: > >> this update should be really fast pushed out > >> > >> the demo-exploit brings down a 4x2.50GHz machine with 8 GB > >> RAM in some seconds without having the known workarounds > >> or explicit mod_security-Rules in front > >> > >> -------- Original-Nachricht -------- > >> Betreff: [ANNOUNCEMENT] Apache HTTP Server 2.2.20 Released > >> Datum: Wed, 31 Aug 2011 07:21:33 -0400 > >> Von: Jim Jagielski <jim@xxxxxxxxxxx> > >> Antwort an: dev@xxxxxxxxxxxxxxxx > >> An: dev@xxxxxxxxxxxxxxxx > >> > >> Apache HTTP Server 2.2.20 Released > > [...snip...] > > > > The security bug is already being tracked: > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192 > > > > I'd expect a new package to be issued shortly. Once that happens, if > > you want to contribute to pushing this out, be ready to test the fixed > > package and add karma. The process works when people participate > > we are in production with > 20 servers on F14 since some hours > own packages with optimized build-flags based on the Fedora-SPEC-File Not sure what this had to do with my reply, but in the meantime you can use the mitigation that Apache sent out. I'm doing that on my own servers for now. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
