httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Regev Ayelet <Ayelet.Re...@comverse.com>
Subject RE: [users@httpd] availability of httpd 2.0.65
Date Sun, 30 Sep 2012 14:08:18 GMT
In this link:

http://wiki.apache.org/httpd/CVE-2011-3192


FIX
====

This vulnerability has been fixed in release 2.2.20 and further corrected
in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
legacy 2.0.65 release, once this is published (anticipated in September).

If you cannot upgrade, or cannot wait to upgrade - you can apply the
appropriate source code patch and recompile a recent existing version;

  http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/ (for 2.2.9 - .14)
  http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/ (for 2.2.15 - .19)
  http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/ (for 2.0.55 - .64)

If you cannot upgrade and/or cannot apply above patches in a timely manner
then you should consider to apply one or more of the mitigation suggested below.




Ayelet Regev-Dabah
System Software Platform TL
Comverse
Office: +972 3 6459362
ayelet.regev@comverse.com
www.comverse.com


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]
Sent: Sunday, September 30, 2012 4:05 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] availability of httpd 2.0.65

On Sun, Sep 30, 2012 at 9:56 AM, Regev Ayelet <Ayelet.Regev@comverse.com> wrote:
> Hi All,
>
> According to apache.org , httpd 2.0.65 suppose to be released during
> September.
> Does anyone have updates on this issue?
> I tried to install the patch, but my security system still claim there is a
> security bug…
>

Where do you see a date listed for 2.0.65?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


“This e-mail message may contain confidential, commercial or privileged information that
constitutes proprietary information of Comverse Technology or its subsidiaries. If you are
not the intended recipient of this message, you are hereby notified that any review, use or
distribution of this information is absolutely prohibited and we request that you delete all
copies and contact us by e-mailing to: security@comverse.com. Thank You.”

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message