| 1 |
On 8/27/10, Jarry <mr.jarry@×××××.com> wrote: |
| 2 |
> On 27. 8. 2010 19:23, Kyle Bader wrote: |
| 3 |
> |
| 4 |
>> I noticed you have mod_dav& mod_cache and are running 2.2.15, perhaps |
| 5 |
>> it's this? |
| 6 |
>> |
| 7 |
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 |
| 8 |
> |
| 9 |
> You may be right! But what can I do? There is not even masked |
| 10 |
> version 2.2.16 in portage, despite the fact it has been released |
| 11 |
> by apache-foundation on 2010-07-25 (together with description |
| 12 |
> of vulnerability found in 2.2.15). There has already been bug |
| 13 |
> opened in gentoo-bugzila on 2010-07-28... |
| 14 |
> |
| 15 |
> BTW in the meantime my apache crashed again the same way, after |
| 16 |
> not a single day uptime! Something I have never seen before, |
| 17 |
> actually my apache has been running without any problem since |
| 18 |
> the last update. And now this! Quite unpleasant, for such |
| 19 |
> a critical server-software... |
| 20 |
|
| 21 |
From apache.org: |
| 22 |
|
| 23 |
"This crash would only be a denial of service if using the worker MPM." |
| 24 |
|
| 25 |
Can you try with another MPM? |
| 26 |
|
| 27 |
Btw, AFAICT, Gentoo apache herd is currently down to one (or fewer) dev(s). :-/ |
| 28 |
|
| 29 |
-- |
| 30 |
Arttu V. -- Running Gentoo is like running with scissors |
Archives