Security Incidents mailing list archives
Re: apache problem
From: Stephen Smoogen <smoogen () lanl gov>
Date: 17 Oct 2002 14:02:53 -0600
Here is how I understand it: Red Hat supports 3 versions of their boxed OS with security fixes at this time: Red Hat Linux 6.2, Red Hat Linux 7.3, and Red Hat Linux 8.0. They will do security fixes which would be to apache-1.3.2? for 6.2 and 7.3 and for 8.0 it would be 2.x. Red Hat rarely gives out for code revisions for security problems but insteads does back ports of code fixes for most vulnerabilities (so they would patch say 1.3.23 with the security fixes from 1.3.27 versus putting out a 1.3.27). The general reason is that it is easier to audit the code that way, and to also make sure that various ABI/API changes that might have occured between versions do not affect customers. The rare case where Red Hat would send out a completely new version would be where the fixes break ABI/API or are so invasive that one might as well release the newer version (plus all the needed fixes for other mod_* items). Going forward, Red Hat will be focusing on the apache 2.x series for their 8.0 and beyond Linux releases. On Tue, 2002-10-15 at 16:28, Homer Wilson Smith wrote:
I have been told that RedHat does not have updates for apache-1.3.27 and has abandoned it for 2.x Is there any truth in this? ------------------------------------------------------------------------ Homer Wilson Smith The Paths of Lovers Art Matrix - Lightlink (607) 277-0959 KC2ITF Cross Internet Access, Ithaca NY homer () lightlink com In the Line of Duty http://www.lightlink.com
-- Stephen John Smoogen smoogen () lanl gov Los Alamos National Labrador CCN-2 B-Schedule PH: Ta-03 SM-261 MailStop P208 DP 17U Los Alamos, NM 87545 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: apache problem, (continued)
- Re: apache problem Ryan Sweat (Oct 15)
- Re: apache problem zeno (Oct 15)
- RE: apache problem Jonathan A. Zdziarski (Oct 15)
- Re: apache problem Bob Johnson (Oct 16)
- Re: apache problem SZALAY Attila (Oct 15)
- Re: apache problem cory (Oct 15)
- Re: apache problem Bob Johnson (Oct 16)
- Re: apache problem Hugo van der Kooij (Oct 15)
- Re: apache problem Homer Wilson Smith (Oct 16)
- Re: apache problem Hugo van der Kooij (Oct 16)
- Re: apache problem Stephen Smoogen (Oct 17)
- RE: apache problem Jonathan A. Zdziarski (Oct 18)
- Re: apache problem Jason Giglio (Oct 18)
- Re: apache problem Stephen Smoogen (Oct 18)
- RE: apache problem Jonathan A. Zdziarski (Oct 18)
- Re: apache problem Homer Wilson Smith (Oct 16)
- Re: apache problem Ryan Sweat (Oct 15)