René Seindal wrote: > > On Wed, 2002-06-19 at 13:39, NANTENAINA Tianarivo ulrich wrote: > > Hi folk, > > > > We have some machine with testing and the version of the Apache on those > > servers is 1.3.24-3. I would like to know if this version of apache > > debian is also vulnerable. I've checked the announcement sent about the > > patch but didn't find inside the patch for this version. As the advisory > > said that Apache version 1.3.24 is still vulnerable, it worried me. > > I believe it is. > > If you use 32 bit machines you are 'only' vulnerable to a DoS attack, > not a real compromise of your servers.
Note: Both Apache and CERT dispute that claim made by ISS that 32 bit machines can only be DoSed. > > What should I do? > > I have decided to wait a while to give the maintainers a fair chance to > make the packages. You could compile your own... News is the fix is out. http://www.theregister.co.uk/content/4/25779.html -- | Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com | | Buzzwords are like annoying little flies that deserve to be swatted. | | "Linux, the OS Microsoft doesn't want you to know about.". | | -Bryan Andersen | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]