[3390] in Release_7.7_team
Re: Apache web-server vulnerability on surflets.mit.edu (Case 284967)
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue Jul 9 18:21:05 2002
Message-Id: <200207092221.SAA01318@the-other-woman.mit.edu>
From: Jonathon Weiss <jweiss@MIT.EDU>
To: release-team@MIT.EDU
cc: javy@MIT.EDU
In-reply-to: Your message of "Tue, 09 Jul 2002 14:21:04 EDT."
<3D2B2990.4D057FAC@mit.edu>
Date: Tue, 09 Jul 2002 18:21:02 -0400
Just FTR, net-sec figured out htat the machine had been updated and
was secure, and they got back to the user.
Jonathon
> Hi Javier,
>
> Thank you for your update. I tried /etc/athena/update_ws, but it says "No new
> version is available."
> Should I run rpm manually? My current version of apache is
>
> # rpm -q apache
> apache-1.3.22-5.7.1
>
> Thanks,
>
> -yr
>
> Javier A Castro wrote:
>
> > Ying-Jui,
> >
> > A patch was released by MIT Information Systems for the Apache web-server
> > vulnerability on your machine (surflets.mit.edu). Please take the update
> > to remove the vulnerability. Be sure to set AUTOUPDATE = true, and you
> > should probably join release-announce@mit.edu for notification of updates.
> > If you have any questions regarding the update, e-mail release-team@mit.edu.
> >
> > Please be sure to keep the subject line intact for any further
> > correspondence regarding this issue.
> >
> > Thanks,
> >
> > Javier Castro
> > -for security@mit.edu
>
