httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwool...@apache.org
Subject cvs commit: httpd-site/xdocs/info security_bulletin_20020617.txt
Date Tue, 18 Jun 2002 17:07:15 GMT
jwoolley    2002/06/18 10:07:14

  Modified:    docs/info security_bulletin_20020617.txt
               xdocs/info security_bulletin_20020617.txt
  Log:
  Update the advisory to mention the new versions.  This will go live when the
  rest of the site changes go live.
  
  Submitted by:  Mark J. Cox
  
  Revision  Changes    Path
  1.3       +5 -9      httpd-site/docs/info/security_bulletin_20020617.txt
  
  Index: security_bulletin_20020617.txt
  ===================================================================
  RCS file: /home/cvs/httpd-site/docs/info/security_bulletin_20020617.txt,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -d -u -r1.2 -r1.3
  --- security_bulletin_20020617.txt	18 Jun 2002 13:49:52 -0000	1.2
  +++ security_bulletin_20020617.txt	18 Jun 2002 17:07:14 -0000	1.3
  @@ -1,4 +1,5 @@
   Date: June 17, 2002
  +Last Updated: June 18, 2002, 12:57 (-0400)
   Product: Apache Web Server
   Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all versions
   up to 2.0.36, Apache 1.2 all versions 1.2.2 onwards.
  @@ -53,14 +54,9 @@
   can be controlled and so for platforms that store return addresses on the
   stack it is likely that it is further exploitable. This could allow
   arbitrary code to be run on the server as the user the Apache children are
  -set to run as.
  -
  -We have been made aware that Apache 1.3 on Windows is exploitable in this
  -way.
  +set to run as.  We have been made aware that Apache 1.3 on Windows is
  +exploitable in a similar way as well.
   
  -Please note that the patch provided by ISS does not correct this
  -vulnerability.
  +Users of Apache 1.3 should upgrade to 1.3.25, and users of Apache 2.0
  +should upgrade to 2.0.39, which contain a fix for this issue.
   
  -The Apache Software Foundation are currently working on new releases that
  -fix this issue, please see http://httpd.apache.org/ for updated
  -versions.
  
  
  
  1.3       +5 -9      httpd-site/xdocs/info/security_bulletin_20020617.txt
  
  Index: security_bulletin_20020617.txt
  ===================================================================
  RCS file: /home/cvs/httpd-site/xdocs/info/security_bulletin_20020617.txt,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -d -u -r1.2 -r1.3
  --- security_bulletin_20020617.txt	18 Jun 2002 13:49:51 -0000	1.2
  +++ security_bulletin_20020617.txt	18 Jun 2002 17:07:14 -0000	1.3
  @@ -1,4 +1,5 @@
   Date: June 17, 2002
  +Last Updated: June 18, 2002, 12:57 (-0400)
   Product: Apache Web Server
   Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all versions
   up to 2.0.36, Apache 1.2 all versions 1.2.2 onwards.
  @@ -53,14 +54,9 @@
   can be controlled and so for platforms that store return addresses on the
   stack it is likely that it is further exploitable. This could allow
   arbitrary code to be run on the server as the user the Apache children are
  -set to run as.
  -
  -We have been made aware that Apache 1.3 on Windows is exploitable in this
  -way.
  +set to run as.  We have been made aware that Apache 1.3 on Windows is
  +exploitable in a similar way as well.
   
  -Please note that the patch provided by ISS does not correct this
  -vulnerability.
  +Users of Apache 1.3 should upgrade to 1.3.25, and users of Apache 2.0
  +should upgrade to 2.0.39, which contain a fix for this issue.
   
  -The Apache Software Foundation are currently working on new releases that
  -fix this issue, please see http://httpd.apache.org/ for updated
  -versions.
  
  
  

Mime
View raw message