Can someone clarify for me, please (not directly debian related, I know,
but...) - the patches appear to only be to the chunk-encoding functions
in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?
KJL
On Thu, 2002-06-20 at 20:30, Paul Hosking wrote:
On Wed, 2002-06-19 at
Can someone clarify for me, please (not directly debian related, I know,
but...) - the patches appear to only be to the chunk-encoding functions
in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable?
it's not just mod_proxy, apache was vulnerable regardless
--
Jamie Heilman
On Sat, 2002-06-22 at 21:08, Brendan Hack wrote:
I've had this problem before with apache spontaneously seg faulting when
trying to execute it. I know we all hate killing the uptime but if I
rebooted it would solve the problem.
Maybe it ran out of sysv shared memory? You can use ipcs to
Regardless, thanks for the dsa suggestion, it solves my problem, but I'm
still curious as to why the rsa key did not work.
Maybe on machine B in sshd_config you enabled only Protocol 2 or
RSAAuthentication is no -- it's for rsa1
PubkeyAuthentication yes -- it's for rsa and dsa protocol 2
The
On Sat, 22 Jun 2002 02:20:20 -0500
Rob VanFleet [EMAIL PROTECTED] wrote:
I am trying to use RSA authentication between different machines, but
I'm running into trouble between machines running different versions of
ssh.
Are you sure the different versions of OpenSSH make the difference?
I
Hello
On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
it's not just mod_proxy, apache was vulnerable regardless
BTW: in the case that mod_proxy is not loaded: is it enough to just
backport the get_chunk_size function from http_protocol.c (like in the
file
I did the upgrade to the security patched version. After doing so I had
to restart Apache with only the DSO modules running in order to keep it
from segfaulting. I determined by a lot of trial and error that this was
being caused by several of the modules that I load. It seems to run
fine after
Will there be an apache-ssl version added to the security area?
--
John Foster
Previously John Foster wrote:
I did the upgrade to the security patched version. After doing so I had
to restart Apache with only the DSO modules running in order to keep it
from segfaulting. I determined by a lot of trial and error that this was
being caused by several of the modules that I
Previously John Foster wrote:
Will there be an apache-ssl version added to the security area?
Yes, I actually just put it there for most architectures.
Wichert.
On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
I would think of using xdelta, or similar to distribute changes as
binary patches, since there could be a real server overload when a few
hundred administrators and mere people start downloading the brand new
definitions
On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
I would think of using xdelta, or similar to distribute changes as
binary patches, since there could be a real server overload when a few
hundred administrators
On Sat, Jun 22, 2002 at 03:33:59PM -0500, Rob VanFleet wrote:
Regardless, thanks for the dsa suggestion, it solves my problem, but I'm
still curious as to why the rsa key did not work.
You compiled openssh yourself on one of the machines. Maybe you didn't
include RSA support. RSA used to be
On Sun, Jun 23, 2002 at 11:49:02AM -0500, Steve Langasek wrote:
On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
Unfortunately, it's probably too late to integrate rsync into the whole apt
system, so it can rsync stuff in /var/cache/apt/archives.
First things first: we need
also sprach Micah Anderson [EMAIL PROTECTED] [2002.01.10.0127 +0100]:
Potato has 1.2-14 as its latest for poppasswd... I agree that
v1.8-ceti would be a better solution, especially considering the
security issues you cited. What does it take to get this version into
the security updates? A bug
Previously John Foster wrote:
Wichert Akkerman wrote:
* what architecture are you running
Debian Woody (currently upgraded thru today)
That's not the architecture. Architecture is one of alpha, arm, i386,
ia64, hppa, m68k, mips, mipsel, powerpc, s390, sparc.
* what exact version of apache
Wichert Akkerman wrote:
That's not the architecture. Architecture is one of alpha, arm, i386,
ia64, hppa, m68k, mips, mipsel, powerpc, s390, sparc.
Sorry I had a brain lapse... i386
* what exact version of apache (or apache-ssl or apache-perl) do you have?
apache-1.3.26-0woody
Previously John Foster wrote:
apache-1.3.26-0woody
I think you are missing a 1 at the end there
apache-ssl-1.3.26.1+1
That is not the security fixed version, that is 1.3.26.1+1.48-0woody2
Wichert.
On Sun, Jun 23, 2002 at 11:49:02AM -0500, Steve Langasek wrote:
On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote:
On Sun, Jun 23, 2002 at 12:46:27AM +0300, Pavel Minev Penev wrote:
I would think of using xdelta, or similar to distribute changes as
binary patches, since there
Well, still binary patching could be implemented (although, in a rather
obscure way) using pre-install scripts which would patch the definition
files. However, this would require two packages providing the same
version of the definition files (a patch package and a complete
new-version
On Sun, Jun 23, 2002 at 04:51:20PM -0400, Phillip Hofmeister wrote:
Well, still binary patching could be implemented (although, in a rather
obscure way) using pre-install scripts which would patch the definition
files. However, this would require two packages providing the same
version of
Christian Hammers wrote:
On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote:
it's not just mod_proxy, apache was vulnerable regardless
BTW: in the case that mod_proxy is not loaded: is it enough to just
backport the get_chunk_size function from http_protocol.c (like in the
file
Wichert Akkerman [EMAIL PROTECTED] writes:
Previously Olaf Meeuwissen wrote:
For a truly stable Debian system, drop
deb http://http.us.debian.org/debian dists/potato-proposed-updates/
I wouldn't recommend that, on occasion a package makes it
23 matches