Nachricht #375 aus Archiv der Liste ecs-isp@2rosenthals.com

Von: "Steven Levine" <ecs-isp@2rosenthals.com> Kopfzeilen anzeigen
E-Mail Quelltext
Betreff: Re: [eCS-ISP] Apache update needed new CVE's reported.
Datum: Tue, 28 Dec 2021 23:01:20 -0800
An: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-2902019@2rosenthals.com>, on 12/29/21
   at 03:18 PM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:

Hiya,

>Yep - I only really bothered updating the code to avoid any confusion
>over the 'downloading large files' bug and which date httpd.dll was in
>use.

One item in the 2.4.52 changelog that did catch my interest was the mod_md
updates.  Automated Let's Encrypt certificate updates might be useful.

>Absolutely! The only thing I have here using log4j is Openhab and that
>has already been patched, plus it isn't directly accessible to the
>internet anyway.

As I mentioned elsewhere, what I found most interesting about the Log4J
vulnerability is that it was not discovered and exploited sooner.
Apparently it has existed since 2013.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------


Abonnieren: Nachricht (Feed), Sammelnachricht (Digest), Index.
Abmelden
E-Mail an ListMaster