On Thu, 15 Dec 2011 07:56:06 GMT
mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

> Hi,
> Some stupid questions follow.
> 1) I am specifically looking at the security update CVE-2011-3348. I
> found this link 'NOVELL: Downloads - Apache2 5344'
> (http://download.novell.com/Download?...d=wANc3xGRZJY~)
> which is a security update to apache 2.2.12(patch-5344) for CVE-3192
> but it also includes what I want ie 3348. However the access is
> restricted. So is this the 'official' release that you meant ? And I
> would need a paid account to download this patch ?

Yes, this is correct

> 2) This link 'CVE-2011-3348'
> (http://support.novell.com/security/c...2011-3348.html) says any
> version of apache >=2.2.12 will include the security fix I need. So I
> go and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
> /repositories/Apache/SLE_11_SP1/x86_64'
> (http://download.opensuse.org/reposit...11_SP1/x86_64/)
> (last updated on 12-Dec-11) and install it. When I check the
> changelog I do not see the cve-3348 udpate. So what am I missing
> here ? Also I suppose this is an unofficial release as this is
> created out of the OBS project.

Two different paths, the fixes from the one above are backported to
version X.X.XX into the SP1 'released' version. By virtue of the
release being >=2.2.12 it will be there, but not all are necessarily

Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel
up 1 day 15:19, 3 users, load average: 0.06, 0.09, 0.09
GPU GeForce 8600 GTS Silent - Driver Version: 290.10