Results 1 to 3 of 3

Thread: Apache: CVE-2011-3192 - Update for SLES

  1. #1
    ollenburg NNTP User

    Apache: CVE-2011-3192 - Update for SLES


    Hi,
    last week Apache came up with CVE-2011-3192. I already got patches for
    our Debian servers through theit repositories. For SLES I do not find
    anything in any channel (through zypper or on the download site) for any
    of its distributions as far as I can see. Do I not find it, will it come
    or is it not needed?
    Greetings
    Andreas


    --
    ollenburg
    ------------------------------------------------------------------------
    ollenburg's Profile: http://forums.novell.com/member.php?userid=10428
    View this thread: http://forums.novell.com/showthread.php?t=444100


  2. #2
    thsundel NNTP User

    Re: Apache: CVE-2011-3192 - Update for SLES


    ollenburg;2133994 Wrote:
    > Hi,
    > last week Apache came up with CVE-2011-3192. I already got patches for
    > our Debian servers through theit repositories. For SLES I do not find
    > anything in any channel (through zypper or on the download site) for any
    > of its distributions as far as I can see. Do I not find it, will it come
    > or is it not needed?
    > Greetings
    > Andreas


    It's on it's way but there are several workarounds you could use until
    the patch is released:

    'Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x
    \(CVE-2011-3192\)'
    (http://mail-archives.apache.org/mod_....apache.org%3E)

    Thomas


    --
    http://thsundel.blogspot.com/
    ------------------------------------------------------------------------
    thsundel's Profile: http://forums.novell.com/member.php?userid=128
    View this thread: http://forums.novell.com/showthread.php?t=444100


  3. #3
    Simon Flood NNTP User

    Re: Apache: CVE-2011-3192 - Update for SLES

    On 02/09/2011 10:26, ollenburg wrote:

    > last week Apache came up with CVE-2011-3192. I already got patches for
    > our Debian servers through theit repositories. For SLES I do not find
    > anything in any channel (through zypper or on the download site) for any
    > of its distributions as far as I can see. Do I not find it, will it come
    > or is it not needed?


    FYI my test OES2 SP3 (SLES10 SP3) has now picked up an update for
    apache2 - 2.2.3-16.32.35.1 - that contains a fix for CVE-2011-3192.

    HTH.
    --
    Simon
    Novell Knowledge Partner (NKP)

    ------------------------------------------------------------------------
    Do you work with Novell technologies at a university, college or school?
    If so, your campus could benefit from joining the Novell Technology
    Transfer Partner (TTP) program. See novell.com/ttp for more details.
    ------------------------------------------------------------------------

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •