Good afternoon,
In the SLES11 SP2 update repo there is quite an old version (2.2.12.x). Versions up to 2.2.24 (I think) are vulnerable to CRIME attacks. Is there some usable official repo which I could use? For old PHP 5.2.xx I used a repo from the build service …
Thanks and best regards
J.Karliak
Hi
Not necessarily security fixes are backported into the versions, you
need to check the changelogs and CVE references.
Again, check the changelogs from the Open Build Service versions as
well.
–
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.2 (x86_64) Kernel 3.4.11-2.16-desktop
up 21:55, 3 users, load average: 0.23, 0.15, 0.10
CPU Intel i5 CPU M520@2.40GHz | Intel Arrandale GPU
The BEAST attack is actually fixed in openssl itself; you don’t need to update apache2. For the CRIME vulnerability, there is currently no fix in apache2 itself; you can, however, disable (IIRC) the SSL caching, which is the only known workaround. For BEAST, see http://support.novell.com/security/cve/CVE-2011-3389.html
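
One way to do the changelog check suggested in the replies above, shown as an added example that is not part of the original thread: it lists the changelog entries of an installed RPM that mention a given CVE, using the BEAST CVE and the openssl package named above. The function names and the sample changelog are constructed for illustration; `rpm -q --changelog` is the standard RPM query.

```shell
#!/bin/sh
# Added example (not from the thread): find out whether a CVE fix was
# backported by searching a package's RPM changelog for the CVE id.

# cve_entries CVE-ID
# Reads an RPM changelog on stdin and prints the header line
# ("* <date> <author>") of every entry whose text mentions CVE-ID.
cve_entries() {
    awk -v cve="$1" '
        /^\* / { header = $0; printed = 0; next }    # a new changelog entry starts
        # Require a non-digit (or end of line) after the id, so that
        # CVE-2011-338 does not match CVE-2011-3389.
        header != "" && !printed && $0 ~ (cve "([^0-9]|$)") {
            print header
            printed = 1
        }
    '
}

# is_backported PACKAGE CVE-ID
# Succeeds if the installed package's changelog mentions CVE-ID.
# Needs rpm and the package installed, e.g.:
#   is_backported openssl CVE-2011-3389 && echo "fix is in the changelog"
is_backported() {
    rpm -q --changelog "$1" | cve_entries "$2" | grep -q .
}

# Constructed sample changelog in the layout rpm prints on SUSE,
# so the parser can be tried without rpm.
sample_changelog() {
    cat <<'EOF'
* Mon Oct 01 2012 maintainer@example.com
- constructed entry: fix for CVE-2011-3389

* Tue Jan 10 2012 maintainer@example.com
- constructed entry: documentation update
EOF
}

sample_changelog | cve_entries CVE-2011-3389
```

An empty result only means the changelog does not name the CVE; the vendor's CVE page for the id remains the authoritative reference.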