Date: Fri, 28 Jun 2013 20:58:26 -0500

On 06/28/2013 04:33 AM, David Sommerseth wrote:
> On 27/06/13 19:02, Gerald Waugh wrote:
>> Apache HTTP Server Overlapping Byte-Range Denial of Service
>>
>> Apache HTTP Server version 2.2.20 has been released to address this
>> issue, though many vendors (Redhat,
>> Debian, etc) have also backported fixes to address the problem.
>>
>> Does anyone know if this is fixed in 2.2.15 ?
> I haven't checked myself, but I presume this command line could give
> some qualified clues:
>
> $ rpm -q --changelog httpd
Thanks David,
Turns out that the vulnerability is covered in CVE-2011-3192
[root@www web]# rpm -q --changelog httpd | grep CVE-2011-3192
* Thu Sep 08 2011 Joe Orton <[log in to unmask]> - 2.2.15-13
- add security fix for CVE-2011-3192 (#733063, #736592)
--
Gerald