Re: any DSA for CAN-2004-0930
Hi Rolf,

Wed, 17 Nov 2004 11:35:01 +0100, Rolf Kutz
Re: any DSA for CAN-2004-0930

>> How about CAN-2004-0600 and CAN-2004-0686 for samba in stable?
> There is no Samba3 in stable.

OK, I know that, the stable version is the Samba 2.2.3a based one, not 3.0.x. And upstream said all support for 2.2.x was terminated on 31st Oct, but CAN-2004-0600 and CAN-2004-0686 were published in July... about 4 months ago.

The Debian Samba package in stable would be affected, I think, but no DSA has been published. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838

Why?

--
Regards,
Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
Quoting Steve Suehring [EMAIL PROTECTED]:

> If I'm not mistaken the vulnerabilities existed in two files found in apache-common. Since apache-common is a prerequisite for apache-ssl, updating apache-common should correct the vulnerability. I could be wrong and I'm sure someone will correct me if I am. :)

You are correct. The files are /usr/bin/htpasswd and /usr/lib/apache/1.3/mod_include.so. Both are indeed in apache-common.

Otherwise, the apache-perl package might be affected too. Not only apache-ssl.

HTH,
Lupe Christoph

--
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| ... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |

Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
In article [EMAIL PROTECTED] you wrote:

> If I'm not mistaken the vulnerabilities existed in two files found in apache-common.

Does anybody know why the vuln is classified as a remote exploit? Aren't SSI tags dependent on local modifications? Or are there tags which can be remotely exploited, if used?

Regards,
Bernd