APACHE REMOTE EXPLOIT

[bdraco]

Its been previously discussed on here already, but I'd like to make sure everyone understands this. The denial of service attack that people have been mentioning about apache is a remote exploit. You should upgrade your system with buildapache.sea ASAP.

http://online.securityfocus.com/archive/1/277830

 

[rpmws]

Hey nick .. you have 1.3.24 on this box ..is that safe? I see 1.3.26 on the cpanel.net cpanel based box.

Just curious ...we need 1.3.26 .. ASAP everywhere right? 1.3.24 does that stop that exploit?

 

[Cscarlet]

i don't know myself but think it wise to upgrade to the latest version anyway

 

[abandoned User]

Only 1.3.26 fixes the hole

 

[jsteel]

[quote:5f3ed2bb00][i:5f3ed2bb00]Originally posted by CPanel User[/i:5f3ed2bb00]

Only 1.3.26 fixes the hole[/quote:5f3ed2bb00]

Incorrect. Many distributions have patched their bundled versions of Apache. Mandrake, for example, released a 1.3.24 rpm upgrade that patches the hole as well.

Jaz

 

[abandoned User]

You mean 1.3.23.

 

[dzevad]

Is everything ok with buildapache.sea or fp-5.0-upgrade.sea ? So far every time it installed without problems, now it stops saying:

configure: error: Unable to find libgd.(a|so) anywhere under ../gd-1.8.4
make[1]: Entering directory `/root/fp-5.0-upgrade/buildapache/php-4.2.3'
make[1]: *** No targets specified and no makefile found. Stop.
make[1]: Leaving directory `/root/fp-5.0-upgrade/buildapache/php-4.2.3'
make[1]: Entering directory `/root/fp-5.0-upgrade/buildapache/php-4.2.3'
make[1]: *** No rule to make target `install'. Stop.
make[1]: Leaving directory `/root/fp-5.0-upgrade/buildapache/php-4.2.3'

I tried with fix fixheaders but didn't help. Shouldn't libgd come with apache?



P.S.
I just located libgd.so under /usr/lib

/libgd.so.1
/libgd.so.1.8
/libgd.so.1.8.4
/libgd.so
/libgd.so.1.8.3

How do I tell apache to look for it there?

Thanks

 

[dzevad]

So any help on my previous post?