l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2002 Jun 18 17:23

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Fixed version of Apache 1.3 available (fwd)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Fixed version of Apache 1.3 available (fwd)

(I lied, here is one follow-up to this)

FYI, new version of apache released in source form. If you "use the source
(luke)" copies are available. If you use the prepackaged ones, you should
check your vendor often for new updates as they will likely be expected

http://www.apache.org/ (main site) 
http://www.apache.org/dyn/closer.cgi (download from a mirror)
http://www.apache.org/dist/ (download from the original site)

Latest for openssl is from May 16th (0.9.6d stable)
Latest modssl is still for apache 1.3.24
   (nothing yet for the present release of apache)

Latest mod_dav is 1.0.3-1.3.6 from 05-Nov-2001

Latest mod_perl is 1.27 (Jun 5, 2002)

I would expect mod_dav and mod_perl to work just fine when compiled
against the new apache tree, but mod_ssl does some internal version
checking with apache and applies some diff patches before apache is
compiled. The default is to complain and not apply all patches. Certainly,
you can try to modify the contents of pkg.sslmod/libssl.version to 1.3.26
and deal with the patches on your own to make sure it all works, but there
is a lot of work tracking each patch down and doing it all manually.

No news yet on mod_ssl but the question have been raised asking about its
next release for working with apache_1.3.26

If someone else does not post that here, perhaps I'll pass notice. If
anyone else notices the new mod_ssl version before me, I think there are
at least 4 others on this list who would want to know about it.


Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html

---------- Forwarded message ----------
Date: Tue, 18 Jun 2002 16:26:38 -0600 (MDT)
From: Dave Ahmad <da@securityfocus.com>
To: bugtraq@securityfocus.com
Subject: Fixed version of Apache 1.3 available

Hey all,

Jay Dyson reported earlier that Apache httpd 2.0.39 was available for
download.  Version 1.3.26 is now available:


See also:


On Tue, 18 Jun 2002, Jay D. Dyson wrote:

> >    The Apache Software Foundation has released two new versions of Apache
> >    that correct this vulnerability. System administrators can prevent the
> >    vulnerability  from  being  exploited  by  upgrading to Apache version
> >    1.3.25  or  2.0.39.
>       I've just visited http://httpd.apache.org/ for the upgrade on
> Apache and noted that v2.0.39 is available[*], but v1.3.25 is nowhere to
> be found.  Is anyone in the know on an ETA for Apache v1.3.25?
> - -Jay

Dave Ahmad

vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!