Is there any fix for it? SLES is using and old version of Apache (2.2.12) and I really don’t want to start having to compile things to get a fixed version.
Hi dennisdcs,
generally speaking, SLES is very often using old versions that are patched individually to cover bugs. This is a stability measure - you still get the old behaviour, minus the bugs. But as the version numbers aren’t updated (so not to confuse people to think that the code is based on a newer available version), it is not obvious which patches are included.
See i.e. https://forums.suse.com/showthread.php?2859-SLES11SP-and-never-version-of-Apache&p=15014#post15014 for details on the CRIME fix for SLES.
Reegards,
Jens
This has come up before.
https://forums.suse.com/archive/index.php/t-2105.html
If you have done some testing and found your system still vulnerable,
please post the tests done and system details to have it reproduced.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
Hi
Have you checked the apache2 changelog? Security fixes are backported,
so the version of a package can be irrelevant.
AFAIK the code to fix is openssl;
rpm -qa --changelog |grep CVE-2012-4929
https://bugzilla.novell.com/show_bug.cgi?id=779952
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-7-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Thanks for the replies. Apparently one of the patches fixed the issue.