PDA

View Full Version : Apache: CVE-2011-3192 - Update for SLES



ollenburg
02-Sep-2011, 10:26
Hi,
last week Apache came up with CVE-2011-3192. I already got patches for
our Debian servers through theit repositories. For SLES I do not find
anything in any channel (through zypper or on the download site) for any
of its distributions as far as I can see. Do I not find it, will it come
or is it not needed?
Greetings
Andreas


--
ollenburg
------------------------------------------------------------------------
ollenburg's Profile: http://forums.novell.com/member.php?userid=10428
View this thread: http://forums.novell.com/showthread.php?t=444100

thsundel
02-Sep-2011, 10:46
ollenburg;2133994 Wrote:
> Hi,
> last week Apache came up with CVE-2011-3192. I already got patches for
> our Debian servers through theit repositories. For SLES I do not find
> anything in any channel (through zypper or on the download site) for any
> of its distributions as far as I can see. Do I not find it, will it come
> or is it not needed?
> Greetings
> Andreas

It's on it's way but there are several workarounds you could use until
the patch is released:

'Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x
\(CVE-2011-3192\)'
(http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E )

Thomas


--
http://thsundel.blogspot.com/
------------------------------------------------------------------------
thsundel's Profile: http://forums.novell.com/member.php?userid=128
View this thread: http://forums.novell.com/showthread.php?t=444100

Simon Flood
06-Sep-2011, 12:53
On 02/09/2011 10:26, ollenburg wrote:

> last week Apache came up with CVE-2011-3192. I already got patches for
> our Debian servers through theit repositories. For SLES I do not find
> anything in any channel (through zypper or on the download site) for any
> of its distributions as far as I can see. Do I not find it, will it come
> or is it not needed?

FYI my test OES2 SP3 (SLES10 SP3) has now picked up an update for
apache2 - 2.2.3-16.32.35.1 - that contains a fix for CVE-2011-3192.

HTH.
--
Simon
Novell Knowledge Partner (NKP)

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------