Am Mi, den 09.11.2005 schrieb Matthew Nuzum um 20:02:
In light of the recent PHP attacks, I've added as a precautionary
measure the mod_security module to my RPM for the httpd (Apache) web
server to help secure things more.
I haven't experienced the problem; yet, KNOCKING on WOOD LOUDLY.
On Wed, 9 Nov 2005, Jesse Keating wrote:
On Wed, 2005-11-09 at 11:33 -0800, Dan Hollis wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139778
seems like a damn good idea now.
If this package exists in Extras, it could be easily rebuilt for Fedora
1,2.
It doesnt exist in fedora at
On Wed, Nov 09, 2005 at 02:12:45PM -0500, Josep L. Guallar-Esteve wrote:
On Wednesday 09 November 2005 14:02, Matthew Nuzum wrote:
Which worm is this that you're guarding against? I haven't heard of a new
worm yet.
http://www.securityfocus.com/bid/14088/info
..
If I understand
On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
On Wed, 2005-11-09 at 14:12 -0500, Josep L. Guallar-Esteve wrote:
http://www.securityfocus.com/bid/14088/info
http://vil.nai.com/vil/content/v_136821.htm
http://news.zdnet.com/2100-1009_22-5938475.html
On Wed, 9 Nov 2005, Jason Edgecombe wrote:
Dan Hollis wrote:
It doesnt exist in fedora at all right now, extras or not.
I was just pointing out that these recent incidents are a strong argument
for putting mod_security in core.
It doesn't exist?!
Then what's this:
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
On Wed, 2005-11-09 at 14:12 -0500, Josep L. Guallar-Esteve wrote:
http://www.securityfocus.com/bid/14088/info
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Jesse Keating wrote:
On Wed, 2005-11-09 at 13:36 -0700, Michal Jaegermann wrote:
Do you mean that one from August?
https://rhn.redhat.com/errata/RHSA-2005-748.html
CAN ids between that one and
http://www.securityfocus.com/bid/14088/info
do not
On Wed, 2005-11-09 at 13:27 -0700, Michal Jaegermann wrote:
If I understand correctly that is really an XML_RPC vulnerability in
pear libraries; so if you do not have such capability, or it is not
turned on, then you are not vulnerable. Of course there are some
applications which require
On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
Does look like we need to patch this. RHEL issued an update,
Do you mean that one from August?
https://rhn.redhat.com/errata/RHSA-2005-748.html CAN ids between
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
Does look like we need to patch this. RHEL issued an update,
Do you mean that one from
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
SNIP
We could base our build for FC1 from the patches in FC3... If and
only if, we are allowed to update some packages inside to newer
versions. FC3
On Wed, Nov 09, 2005 at 05:04:27PM -0500, James Kosin wrote:
They also address CVE-2005-3353, CVE-2005-3388, CVE-2005-3389 and
CVE-2005-3390...
do we need to concern ourselves with these?
Do you plan to wait until attacks will show up?
Michal
--
fedora-legacy-list mailing list
12 matches
Mail list logo