Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Joel Vandal on February 08, 2003, 04:26:30 AM
-
Hi,
IIRC, SME 5.6 include the version 1.3.23 of Apache HTTPD server but since this version, a lot of security fix have been corrected are all fixed on version 1.3.27.
Does the 1.3.23 build that is include on SME 5.6 is a "custom" build that have backported all security fix (like the chunked size bug, cross vulnerability, buffer overflow, ...) or this is the standard Redhat 7.3 package ?
From cve.mitre.org :
CAN-2002-0843 (fixed on 1.3.27)
CAN-2002-0840 (fixed on 1.3.27)
CAN-2002-0839 (fixed on 1.3.27)
CAN-2002-0392 (fixed on 1.3.25)
Thanks,
--
Joel Vandal
Infoteck Internet
-
Oops... error on the subject line... not Apache 1.3.2 but 1.3.23
Sorry for this mistake :)
Thanks,
--
Joel Vandal
Infoteck Internet