Results 1 to 3 of 3

Thread: SLES11 SP2 and apache 2.2.24 (CRIME/BEAST attacks)

Hybrid View

  1. SLES11 SP2 and apache 2.2.24 (CRIME/BEAST attacks)

    Good afternoon,
    in the SLES11 SP2 update repo is quite old version (2.2.12.x). This version up to 2.2.24 (I think) are vulnerable to CRIME attacks. Is there some usable official repo which I could use ? For old PHP 5.2.xx I used repo from build service ...
    Thanks and best regards
    J.Karliak

  2. Re: SLES11 SP2 and apache 2.2.24 (CRIME/BEAST attacks)

    On Thu 06 Dec 2012 11:54:03 AM CST, josefkarliak wrote:


    Good afternoon,
    in the SLES11 SP2 update repo is quite old version (2.2.12.x). This
    version up to 2.2.24 (I think) are vulnerable to CRIME attacks. Is there
    some usable official repo which I could use ? For old PHP 5.2.xx I used
    repo from build service ...
    Thanks and best regards
    J.Karliak


    Hi
    Not necessarily security fixes are backported into the versions, you
    need to check the changelogs and CVE references.

    Again, check the changelogs from the Open Build Service versions as
    well.

    --
    Cheers Malcolm °¿° (Linux Counter #276890)
    openSUSE 12.2 (x86_64) Kernel 3.4.11-2.16-desktop
    up 21:55, 3 users, load average: 0.23, 0.15, 0.10
    CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU


  3. Re: SLES11 SP2 and apache 2.2.24 (CRIME/BEAST attacks)

    Quote Originally Posted by josefkarliak View Post
    in the SLES11 SP2 update repo is quite old version (2.2.12.x). This version up to 2.2.24 (I think) are vulnerable to CRIME attacks. Is there some usable official repo which I could use ? For old PHP 5.2.xx I used repo from build service ...
    The BEAST attack is actually fixed in openssl itself, you don't need to update apache2. for the CRIME vulnerability, there is currently no fix in apache2 itself, you can however disable iirc the SSL caching which is the only known workaround. For BEAST, see http://support.novell.com/security/c...2011-3389.html

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •