1 |
On 8/27/10, Jarry <mr.jarry@×××××.com> wrote: |
2 |
> On 27. 8. 2010 19:23, Kyle Bader wrote: |
3 |
> |
4 |
>> I noticed you have mod_dav& mod_cache and are running 2.2.15, perhaps |
5 |
>> it's this? |
6 |
>> |
7 |
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 |
8 |
> |
9 |
> You may be right! But what can I do? There is not even masked |
10 |
> version 2.2.16 in portage, despite the fact it has been released |
11 |
> by apache-foundation on 2010-07-25 (together with description |
12 |
> of vulnerability found in 2.2.15). There has already been bug |
13 |
> opened in gentoo-bugzila on 2010-07-28... |
14 |
> |
15 |
> BTW in the meantime my apache crashed again the same way, after |
16 |
> not a single day uptime! Something I have never seen before, |
17 |
> actually my apache has been running without any problem since |
18 |
> the last update. And now this! Quite unpleasant, for such |
19 |
> a critical server-software... |
20 |
|
21 |
From apache.org: |
22 |
|
23 |
"This crash would only be a denial of service if using the worker MPM." |
24 |
|
25 |
Can you try with another MPM? |
26 |
|
27 |
Btw, AFAICT, Gentoo apache herd is currently down to one (or fewer) dev(s). :-/ |
28 |
|
29 |
-- |
30 |
Arttu V. -- Running Gentoo is like running with scissors |