Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Bug Software Apache

Apache Issues Fix For Win32, OS/2 bug 9

Posted by Hemos from the fixing-the-bugs dept.
dthor writes "An exploit was discovered that allows a malicious user to terminate the Apache server 1.3.x running on Win32 or OS2. Apache has released a patch. 'Users of older versions of Apache on Win32 and OS2 platforms are cautioned to to upgrade to 1.3.19 and apply this fix. All Win32 and OS2 users are strongly encouraged to upgrade to 1.3.20 once it is released.'"
This discussion has been archived. No new comments can be posted.

Apache Issues Fix For Win32, OS/2 bug More

Apache Issues Fix For Win32, OS/2 bug

Comments Filter:
  • OS = OpenSource

    DUH!

  • From my submit story page:

    2001-05-22 17:58:16 Apache 1.3.20 Released (articles,apache) (rejected)

    That was a week ago today... kinda disappointing. Do I get rejected because I post from MSIE on a Mac?

  • And what does a URI issue that attacks the server have to do with the OS? This kind of an attack is what gives IIS a bad name.

  • I did the same thing the day after you:

    2001-05-23 18:31:39 Apache 1.3.20 is available (articles,apache) (rejected)

    I'm guessing that someone was asleep at the switch and thought it had already been posted. *shrug*

  • I submitted this news just a few hours after he (Orbital Sander) posted it and before your post.

    2001-05-22 21:49:22 Apache 1.3.20 is now available (articles,apache) (rejected)

    Oh well. I hope they accept my post when Apache 2.0 (nonbeta) is available.

  • 1.3.20 has been out for what, 5 days already? Yeesh, look at the Freshmeat Slashbox from time to time.
  • Yea your right, but because its OS it got patched ASAP, no cover up, no stock holders to kiss ass to, just fixed the problem and didnt even have to fill a report.


    The Lottery:
  • yeah, but the windoze binaries are always a few days (sometimes a week or more) behind in getting released...

  • Apache 1.3.20 is released (Score:4)

    by geirt ( 55254 ) on Monday May 28, 2001 @02:17AM (#193993)

    ... users are strongly encouraged to upgrade to 1.3.20 once it is released.

    Here [apache.org] is the Release Announcement for 1.3.20

    The relevant part of the changelog:

    * A carefully constructed URI could cause the server to segfault on Win32 and OS/2, denying access to users until the error was cleared. This is resolved on both platforms, no server data vulnerability was identified for this denial of service exploit.

Slashdot Top Deals

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Close