Re: Apache 2.039
On Sat, 10 Aug 2002, Mads Toftum wrote: > On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote: > > Any word on if this compiles on those older linux kernels as the previous > > release was a total dud in that realm? > > I've compiled Apache2 on a 2.0 linux kernel several times without problems. yes, but, on an older linux kernel? Pre 2.2.x? Thanks, Ron DuFresne -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote: > Any word on if this compiles on those older linux kernels as the previous > release was a total dud in that realm? I've compiled Apache2 on a 2.0 linux kernel several times without problems. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, 9 Aug 2002, R. DuFresne wrote: > Any word on if this compiles on those older linux kernels as the previous > release was a total dud in that realm? Probably no change. But FWIW, I believe one of our developers tried it on an older kernel and it worked fine for him... if you could provide access to a box it fails on to one of the core dev team, that might help. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
This is a security fix release for those using apache in Cygwin environments! Date: Fri, 9 Aug 2002 22:07:52 +0100 (BST) From: Mark J Cox <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], Full Disclosure <[EMAIL PROTECTED]>, Vuln-Dev <[EMAIL PROTECTED]> Subject: [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix platforms -BEGIN PGP SIGNED MESSAGE- For Immediate Disclosure === SUMMARY Title: Apache 2.0 vulnerability affects non-Unix platforms Date: 9th August 2002 Revision: 2 Product Name: Apache HTTP server 2.0 OS/Platform: Windows, OS2, Netware Permanent URL: http://httpd.apache.org/info/security_bulletin_20020809a.txt Vendor Name: Apache Software Foundation Vendor URL: http://httpd.apache.org/ Affects: All Released versions of 2.0 through 2.0.39 Fixed in: 2.0.40 Identifiers: CAN-2002-0661 === DESCRIPTION Apache is a powerful, full-featured, efficient, and freely-available Web server. On the 7th August 2002, The Apache Software Foundation was notified of the discovery of a significant vulnerability, identified by Auriemma Luigi <[EMAIL PROTECTED]>. This vulnerability has the potential to allow an attacker to inflict serious damage to a server, and reveal sensitive data. This vulnerability affects default installations of the Apache web server. Unix and other variant platforms appear unaffected. Cygwin users are likely to be affected. === SOLUTION A simple one line workaround in the httpd.conf file will close the vulnerability. Prior to the first 'Alias' or 'Redirect' directive, add the following directive to the global server configuration: RedirectMatch 400 "\\\.\." Fixes for this vulnerability are also included in Apache HTTP server version 2.0.40. The 2.0.40 release also contains fixes for two minor path-revealing exposures. This release of Apache is available at http://www.apache.org/dist/httpd/ Thanks, Ron DuFresne On Fri, 9 Aug 2002, Cliff Woolley wrote: > On Fri, 9 Aug 2002, Cliff Woolley wrote: > > > That's what I get for not reading all of my email before responding to > > any of it. 0.9.6g was also released today. Sigh. :) > > I guess today was the day for releases. Apache 2.0.40 is now out as well. > > --Cliff > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote: > On Fri, 9 Aug 2002, Cliff Woolley wrote: > > > That's what I get for not reading all of my email before responding to > > any of it. 0.9.6g was also released today. Sigh. :) > > I guess today was the day for releases. Apache 2.0.40 is now out as well. Any word on if this compiles on those older linux kernels as the previous release was a total dud in that realm? Thanks, Ron DuFresne -- ~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote: > That's what I get for not reading all of my email before responding to > any of it. 0.9.6g was also released today. Sigh. :) I guess today was the day for releases. Apache 2.0.40 is now out as well. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache 2.039
Title: RE: Apache 2.039 Followed your instruction, finally got every configuration done. But server won't start with following message in error_log, [Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still contains not sufficient entropy! [Fri Aug 09 11:49:32 2002] [error] Init: Failed to generate temporary 512 bit RSA private key Configuration Failed Thanks. -Original Message- From: Daniel Lopez [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 2:09 PM To: [EMAIL PROTECTED] Subject: Re: Apache 2.039 Have a look at http://www.apacheworld.org/ty24/site.chapter17.html That is a chapter I have online that explains step by step how to build Apache 2 with SSL support. > When I run configure --with-ssl=$directory_of_open_ssl, it complained that > it can't find ssl toolkit library. Did I do anything wrong? > > Thanks. > > Wei > > -Original Message- > From: Cliff Woolley [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 08, 2002 1:50 PM > To: [EMAIL PROTECTED] > Subject: Re: Apache 2.039 > > > On Thu, 8 Aug 2002, Tony Jarriault wrote: > > > I'm search openssl for Apache 2.039, where can i find it, please ? > > I assume you mean mod_ssl, not openssl. mod_ssl is bundled with Apache > 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already > there (caveat: we do not distribute binaries of mod_ssl, only source > code). > > OpenSSL is the same regardless of what mod_ssl you use and is available at > www.openssl.org. > > --Cliff > > PS: Can we PLEASE add this to the FAQ or even the main modssl.org site? > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Apache 2.039
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 09 August 2002 04:27 pm, Cliff Woolley wrote: >On Thu, 8 Aug 2002, Cliff Woolley wrote: >> Upgrade to 0.9.6e. > >Make that 0.9.6f, released today. :) > g, just a few minutes ago.. -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9U9M/4Q/49nIJTlwRAgh9AJ9RVLUm+8WXtqAkgDNTij/fJnTvdQCfVRko S0+auy1Me02md2SuHyvmDA4= =gl4i -END PGP SIGNATURE- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote: > Make that 0.9.6f, released today. :) That's what I get for not reading all of my email before responding to any of it. 0.9.6g was also released today. Sigh. :) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Thu, 8 Aug 2002, Cliff Woolley wrote: > Upgrade to 0.9.6e. Make that 0.9.6f, released today. :) --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
Cliff Woolley wrote: > On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote: > > > Do you know what different between 0.9.6b and 0.9.6e > > Among other things, there are important security fixes in 0.9.6e (for > remotely exploitable bugs in 0.9.6d and earlier versions). > > Upgrade to 0.9.6e. So, do you agree compile and install apache 1.3.26, php 4.2.2, MySQL 3.23.51, OpenSSL 0.9.6e and mod_ssl 2.8.10-1.3.26 good for working together under Linux / Unix / other OS System ? Thank for your help ! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote: > Do you know what different between 0.9.6b and 0.9.6e Among other things, there are important security fixes in 0.9.6e (for remotely exploitable bugs in 0.9.6d and earlier versions). Upgrade to 0.9.6e. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache 2.039
Gregg Andrew wrote: Openssl.org version 0.9.6e Do you know what different between 0.9.6b and 0.9.6e, Because I knew there are some of users they are using 0.9.6b, I think 0.9.6b is an older version... But if I use the new version of Apache ( eg : 1.3.26 ), so... use 0.9.6e is good ? I was fail to install 0.9.6d !
