At 23:41, Thursday 24 October 2002, miKe wrote:
> (these days, for example, there is a lot of talk about slapper,
> which propagates by using (fixed) problems in mod_ssl
> and in apache

..I barely had time to say it... :)

*** Message signed by Mandrake Linux Security Team <[EMAIL PROTECTED]>

__________________________________________________

Mandrake Linux Security Update Advisory
__________________________________________________

Package name:      mod_ssl
Advisory ID:       MDKSA-2002:072
Date:              October 24th, 2002
Affected versions: 7.2, 8.0, 8.1, 8.2, 9.0, Single Network Firewall 7.2
__________________________________________________

Problem Description:

A cross-site scripting vulnerability was discovered in mod_ssl by Joe
Orton. This only affects servers using a combination of wildcard DNS
and "UseCanonicalName off" (which is not the default in Mandrake Linux).
With this setting turned off, Apache will attempt to use the
hostname:port that the client supplies, which is where the problem comes
into play. With this setting turned on (the default), Apache constructs
a self-referencing URL and will use ServerName and Port to form the
canonical name.

It is recommended that all users upgrade, regardless of the setting of
the "UseCanonicalName" configuration option.
__________________________________________________

***

bye
miKe
_______________________________________
Slackware 8.1 GNU/Linux 2.4.19 @ hp Xe3
R.U.#219755 - S.R.U.#705 - R.M.#110932
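A way to check which parts of an Apache configuration are in the state the advisory describes ("UseCanonicalName off"), as an added example that is not part of the original message or of the Mandrake advisory. The function names and the sample configuration are constructed for illustration, and a wildcard ServerName/ServerAlias is used only as a hint that wildcard DNS may be in play (an assumption, since the DNS zone itself is not visible from httpd.conf).

```python
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ServerName www.example.test
UseCanonicalName On
<VirtualHost *:443>
    ServerName shop.example.test
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName wild.example.test
    ServerAlias *.example.test
    # usecanonicalname on   (commented out, must be ignored)
    UseCanonicalName Off
</VirtualHost>
"""

def audit_use_canonical_name(conf_text, default="on"):
    """Return [(scope, effective_value, has_wildcard_name)] for the main
    server and each <VirtualHost>. A vhost without its own directive inherits
    the server-level value; `default` is the advisory's stated default (on)."""
    scopes = {"main": {"ucn": None, "wild": False}}
    order, current = ["main"], "main"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = "vhost#%d %s" % (len(order), m.group(1).strip())
            scopes[current] = {"ucn": None, "wild": False}
            order.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = "main"
        else:
            parts = line.split()
            name = parts[0].lower()
            if name == "usecanonicalname" and len(parts) > 1:
                scopes[current]["ucn"] = parts[1].lower()
            elif name in ("servername", "serveralias"):
                if any("*" in p for p in parts[1:]):
                    scopes[current]["wild"] = True
    main_val = scopes["main"]["ucn"] or default
    return [(s, scopes[s]["ucn"] or main_val, scopes[s]["wild"]) for s in order]

def affected_scopes(conf_text):
    """Scopes whose effective UseCanonicalName is 'off' (advisory's condition)."""
    return [r for r in audit_use_canonical_name(conf_text) if r[1] == "off"]
```

The parser does not follow Include directives and attributes a directive inside a nested <Directory> block to the enclosing virtual host, so run it over the fully assembled configuration. An empty result does not replace the upgrade the advisory recommends for all users.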