From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Security issue in Apache 2.4.27 ("optionsbleed")
Date: Wed, 20 Sep 2017 22:12:31 +0100 [thread overview]
Message-ID: <1505941951.4381.17.camel@ipfire.org> (raw)
In-Reply-To: <cd6120ce-e563-82b6-809d-a4861370b967@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 1145 bytes --]
Perfect working together.
Patch is merged.
Indeed, we shouldn't ship a release that has any known vulnerabilities.
Best,
-Michael
On Tue, 2017-09-19 at 19:23 +0200, Matthias Fischer wrote:
> On 19.09.2017 17:14, Peter Müller wrote:
> > Hello,
> >
> > a security issue has been found in Apache 2.4.27, which is
> > at the moment scheduled for the "next" branch in IPFire.
> >
> > It is a memory leak (called "optionsbleed"), more details
> > are available here:
> > * https://nvd.nist.gov/vuln/detail/CVE-2017-9798
> > * https://heise.de/-3835313 (german only)
> >
> > A patch has been published on Apache's SVN repository (but
> > I am not sure how to add it to the LFS build file :-) ):
> > https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
> >
> > Although IPFire is not vulnerable as far as I know, it
> > might be good to deploy this. Affects the 2.2.x series, too.
> >
> > Just in case anyone is interested.
> >
> > Best regards,
> > Peter Müller
> >
>
> I'll give it a try - Devel is running...
>
> Best,
> Matthias
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2017-09-20 21:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-19 15:14 Peter Müller
2017-09-19 17:23 ` Matthias Fischer
2017-09-20 21:12 ` Michael Tremer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1505941951.4381.17.camel@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox