Re: [suse-sles-e] SLES 9 PatchLevel 3

From: J.H.M. Dassen (Ray) (rdassen_at_novell.com)
Date: Mon Jun 05 2006 - 23:02:10 CEST


Date: Mon, 5 Jun 2006 23:02:10 +0200
From: "J.H.M. Dassen (Ray)" <rdassen@novell.com>
Message-ID: <20060605210210.GB25010@xinara.org>
Subject: Re: [suse-sles-e] SLES 9 PatchLevel 3

On Mon, Jun 05, 2006 at 13:20:28 -0700, Winn Johnston wrote:
> I am trying to confirm, in writing, that the issues with apache v. 2.0.49
> have been fixed in SUSE LINUX Enterprise Server 9 (i586) VERSION = 9
> PATCHLEVEL = 3. We have issued a security check, and the company doing the
> check said we needed to upgrade our apache to 2.0.52. However, when running
> the rug command to view the urgent patches there is no listing for this
> patch.

See
        http://en.opensuse.org/SDB:Backports
for an explanation of why version number comparisons can be extremely
flawed. You may want to employ a security auditor who understands this if
you want an audit to provide meaningful information about your security
status.

> It is imperative I have some sort of documentation from Novell saying they
> are not vulnerable to the issues listed in:
> CAN-2004-0811 BID: 11239

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811
refers to
        http://httpd.apache.org/security/vulnerabilities_20.html
which explicitly describes this one as "A flaw in Apache 2.0.51 (only)", so
this should not affect SLES9 (whose Apache is based on 2.0.49).

All the other vulnerabilities on your list have been fixed in various
updates for SLES9's apache and mod_dav packages.

> CAN-2004-0786
> CAN-2004-0747

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
and
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
lead you to
        http://www.novell.com/linux/security/advisories/2004_32_apache2.html
        
> CAN-2004-0751
> CAN-2004-0748

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
and
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
lead you to
        http://www.novell.com/linux/security/advisories/2004_30_apache2.html

> CAN-2004-0809 BID: 11185, 11187

See
        http://support.novell.com/techcenter/psdb/031f16f00d8a113c18c9ad3dcf15a055.html

HTH,

-- 
Ray Dassen
Technical Support Engineer, EMEA Services Center, Novell Technical Services
Novell, Inc.   Software for the Open Enterprise  http://www.novell.com/open
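
Added example (not part of the original message, and not Novell's tooling): because backported fixes leave the upstream version number unchanged, an auditor can check a package's changelog for the CVE ids instead of comparing versions. The function names and the changelog lines below are constructed for illustration; on a live RPM system the input would come from `rpm -q --changelog apache2`.

```shell
#!/bin/sh
# Added example. cve_status and sample_changelog are hypothetical names.
# Live use on an RPM system:
#   rpm -q --changelog apache2 | cve_status CAN-2004-0786

# Report, for each id given as an argument, whether the changelog text on
# stdin mentions it. CAN- (the old candidate prefix) and CVE- are treated
# as the same identifier.
cve_status() {
    log=$(cat)
    for id in "$@"; do
        num=${id#CAN-}
        num=${num#CVE-}
        # Require a non-digit (or end of line) after the number so that
        # a shorter id cannot match inside a longer one.
        if printf '%s\n' "$log" | grep -Eq "(CAN|CVE)-${num}([^0-9]|\$)"; then
            echo "$id mentioned"
        else
            echo "$id not-mentioned"
        fi
    done
}

# Constructed changelog text in rpm's layout; not real SLES9 package data.
sample_changelog() {
    cat <<'EOF'
* Wed Sep 15 2004 - packager@example.com
- security fix backported to 2.0.49 (CAN-2004-0786)
- security fix backported to 2.0.49 [CVE-2004-0747]
* Mon Mar 01 2004 - packager@example.com
- update to 2.0.49
EOF
}

sample_changelog | cve_status CAN-2004-0786 CAN-2004-0747 CAN-2004-0811
```

A "not-mentioned" result is not a finding by itself: CAN-2004-0811 is described above as a flaw in Apache 2.0.51 only, so a 2.0.49-based package would have no fix to list, and the advisory text still has to be read.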