Apache: CVE-2011-3192 - Update for SLES

Hi,
last week Apache came up with CVE-2011-3192. I already got patches for
our Debian servers through theit repositories. For SLES I do not find
anything in any channel (through zypper or on the download site) for any
of its distributions as far as I can see. Do I not find it, will it come
or is it not needed?
Greetings
Andreas


ollenburg

ollenburg’s Profile: http://forums.novell.com/member.php?userid=10428
View this thread: http://forums.novell.com/showthread.php?t=444100

ollenburg;2133994 Wrote:[color=blue]

Hi,
last week Apache came up with CVE-2011-3192. I already got patches for
our Debian servers through theit repositories. For SLES I do not find
anything in any channel (through zypper or on the download site) for any
of its distributions as far as I can see. Do I not find it, will it come
or is it not needed?
Greetings
Andreas[/color]

It’s on it’s way but there are several workarounds you could use until
the patch is released:

‘Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x
\(CVE-2011-3192\)’
(http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E)

Thomas


http://thsundel.blogspot.com/

thsundel’s Profile: http://forums.novell.com/member.php?userid=128
View this thread: http://forums.novell.com/showthread.php?t=444100

On 02/09/2011 10:26, ollenburg wrote:
[color=blue]

last week Apache came up with CVE-2011-3192. I already got patches for
our Debian servers through theit repositories. For SLES I do not find
anything in any channel (through zypper or on the download site) for any
of its distributions as far as I can see. Do I not find it, will it come
or is it not needed?[/color]

FYI my test OES2 SP3 (SLES10 SP3) has now picked up an update for
apache2 - 2.2.3-16.32.35.1 - that contains a fix for CVE-2011-3192.

HTH.

Simon
Novell Knowledge Partner (NKP)


Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.