List ecs-isp@2rosenthals.com Arkiverade meddelande #374 föregående meddelande nästa meddelande Tillbaks till lista

Från: "Paul Smedley" <ecs-isp@2rosenthals.com> Meddelandehuvud
Oavkodat meddelande
Ämne: Re: [eCS-ISP] Apache update needed new CVE's reported.
Datum: Wed, 29 Dec 2021 15:18:48 +1030
Till: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hey Steven,

On 29/12/21 14:02, Steven Levine wrote:
In <list-2901837@2rosenthals.com>, on 12/29/21
    at 09:29 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hi Paul,

My personal opinion  is that these are almost no risk for OS/2 - we
don't have mod_lua, so  that rules out CVE-2021-44790; and
CVE-2021-44224 is only for a specific use case (forward proxy
configurations).

FWIW, I came to the same conclusion when I first read the CVEs.  They were
not sufficiently interesting to be worth discussing on the apache list.
Yep - I only really bothered updating the code to avoid any confusion over the 'downloading large files' bug and which date httpd.dll was in use.

Now, the Log4J CVE, even though it doesn't affect our platform, is more
than a litte interesting.
Absolutely! The only thing I have here using log4j is Openhab and that has already been patched, plus it isn't directly accessible to the internet anyway.

Cheers,

Paul
Prenumerera: Sändning, Uppsamling, Index.
Stoppa prenumeration
Meddelande till ListMaster