On Thu, 15 Dec 2011 07:56:06 GMT
mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

>
> Hi,
> Some stupid questions follow.
> 1) I am specifically looking at the security update CVE-2011-3348. I
> found this link 'NOVELL: Downloads - Apache2 5344'
> (http://download.novell.com/Download?...d=wANc3xGRZJY~)
> which is a security update to apache 2.2.12(patch-5344) for CVE-3192
> but it also includes what I want ie 3348. However the access is
> restricted. So is this the 'official' release that you meant ? And I
> would need a paid account to download this patch ?


Yes, this is correct

>
> 2) This link 'CVE-2011-3348'
> (http://support.novell.com/security/c...2011-3348.html) says any
> version of apache >=2.2.12 will include the security fix I need. So I
> go and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
> /repositories/Apache/SLE_11_SP1/x86_64'
> (http://download.opensuse.org/reposit...11_SP1/x86_64/)
> (last updated on 12-Dec-11) and install it. When I check the
> changelog I do not see the cve-3348 udpate. So what am I missing
> here ? Also I suppose this is an unofficial release as this is
> created out of the OBS project.
>

Two different paths, the fixes from the one above are backported to
version X.X.XX into the SP1 'released' version. By virtue of the
release being >=2.2.12 it will be there, but not all are necessarily
mentioned.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 1 day 15:19, 3 users, load average: 0.06, 0.09, 0.09
GPU GeForce 8600 GTS Silent - Driver Version: 290.10