-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 23:41, Thursday 24 October 2002, miKe wrote:

> (these days, for example, there is a lot of talk about slapper,
>  which uses (fixed) problems in mod_ssl
> and in apache to propagate

..I had barely finished saying it...
:)
***

Message signed by Mandrake Linux Security Team
<[EMAIL PROTECTED]>
__________________________________________________

                Mandrake Linux Security Update Advisory
__________________________________________________

Package name:           mod_ssl
Advisory ID:            MDKSA-2002:072
Date:                   October 24th, 2002
Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0,
                        Single Network Firewall 7.2
_________________________________________________

Problem Description:

A cross-site scripting vulnerability was discovered in mod_ssl by
Joe Orton. This only affects servers using a combination of wildcard
DNS and "UseCanonicalName off" (which is not the default in Mandrake
Linux). With this setting turned off, Apache will attempt to use the
hostname:port that the client supplies, which is where the problem
comes into play. With this setting turned on (the default), Apache
constructs a self-referencing URL and will use ServerName and Port to
form the canonical name.

It is recommended that all users upgrade, regardless of the setting of
the "UseCanonicalName" configuration option.
__________________________________________________

***

bye

miKe
_______________________________________
Slackware 8.1 GNU/Linux 2.4.19 @ hp  Xe3
R.U.#219755 - S.R.U.#705 - R.M.#110932
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9uHgXF/9fksDJ4y0RAm6YAJ9UeA0t2dzPuD92/ZwiVtRYrb9SiQCeIey9
2B8dHcFtWNpgsU2jdT3S3BI=
=TsGu
-----END PGP SIGNATURE-----
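
Added example (not part of the original message or of the Mandrake advisory): a small audit script that reports which server scopes in an Apache configuration run with an effective "UseCanonicalName Off", the setting the advisory names as the precondition. The sample configuration, host names and the function name audit_canonical_name are constructed for illustration.

```python
import re
# Constructed sample configuration for illustration (not from the advisory).
SAMPLE_CONF = """\
ServerName www.example.test
UseCanonicalName On
<VirtualHost *:443>
    ServerName shop.example.test
    UseCanonicalName Off
</VirtualHost>
<VirtualHost *:443>
    ServerName static.example.test
</VirtualHost>
<VirtualHost *:80>
    ServerName lookup.example.test
    UseCanonicalName DNS
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^(\w+)\s+(.*)$")

def audit_canonical_name(conf_text, default="on"):
    """Return (scope, ServerName) pairs whose effective UseCanonicalName is Off."""
    # `default` applies when the main server sets nothing (the advisory says On
    # for Mandrake Linux). Simplification: <Directory> settings count for the
    # enclosing server scope.
    main = {"scope": "main server", "name": None, "ucn": None}
    scopes, current = [main], main
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("<virtualhost"):
            current = {"scope": line, "name": None, "ucn": None}
            scopes.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = main
        else:
            m = DIRECTIVE.match(line)
            if m and m.group(1).lower() == "usecanonicalname":
                current["ucn"] = m.group(2).strip().lower()
            elif m and m.group(1).lower() == "servername":
                current["name"] = m.group(2).strip()
    inherited = main["ucn"] or default.lower()  # vhosts inherit the main value
    return [(s["scope"], s["name"]) for s in scopes
            if (s["ucn"] or inherited) == "off"]

if __name__ == "__main__":
    for scope, name in audit_canonical_name(SAMPLE_CONF):
        print(f"UseCanonicalName Off in {scope} (ServerName {name})")
```

Any scope it reports should be checked against the DNS zone for wildcard records, and the mod_ssl update applied in any case, as the advisory recommends.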
