Subject: Not really an advocacy :-(
To: None <email@example.com, firstname.lastname@example.org>
From: Ing.,BcA. Ivan Dolezal <email@example.com>
Date: 06/21/2002 17:09:04
Question # 1 :
June 17, 2002
- Internet Security Systems Security Advisory: Remote Compromise
Vulnerability in Apache HTTP Server
- Apache Security Bulletin
- CERT Advisory
June 18, 2002
- updated Apache Security Bulletin
June 19, 2002
- FBI's National Infrastructure Protection Center Advisory
- Linux Weekly News report
- Apache releases 1.3.26
- Debian, Red Hat Linux release their packages (for free)
- "Package apache-1.3.24 has a remote-root-shell vulnerability"
message from audit-packages
June 20, 2002
- Gobbles aka apache_scalp.c presented
June 21, 2002
...problem still not mentioned at netbsd.org/Security/
...problem still not mentioned at
(last audit from Jun 6 05:00)
...insecure 1.3.24 still available from the package collection
Unfortunately the same situation with OpenBSD web (the primary target of
How should I believe to *BSD commitment to security? While BSD is
talking about high quality software, Linux people actually did something.
Am I missing something?
Question # 2:
What are my chances to do something like Openwall's stuff
(http://www.openwall.com/linux/README) with *BSD?