Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability

Jim Perrin jperrin at gmail.com
Sat Mar 6 22:59:02 CET 2010


On Sat, Mar 6, 2010 at 9:33 AM,  <ravishankar.gundlapali at wipro.com> wrote:
> Hi ,
>
> I have below mentioned action items on me which my security team identified .

You'll have to de-prioritize your current workload and make these your
primary action items until your security team advises a status
upgrade.

> Please let me know whether the solution you have provided earlier is same for these?

Yes. The advice 'Seek help from your OS vendor channel is still
appropriate because this doesn't appear to have anything to do with
nagios.


>
> Can anyone let me know the procedure for this...

I did already. You left the answer below when you top posted.

Here it is again:

> This is an apache issue and not really a nagios issue. You should
> check with your vendor (aka Fedora) for an updated apache fix that
> addresses the vulnerability your security team identified.
>
> On a personal note I'd recommend not using fedora for a server if you
> want to have any sense of long-term usage of the system. Fedora tends
> to go through releases rather quickly, where distros more targeted to
> the enterprise have several years of support for a release. For
> example: RHEL, CentOS and Scientific Linux all support their releases
> for 7 years.  Fedora supports a release for around 12-18 months.
>
> --
> During times of universal deceit, telling the truth becomes a revolutionary act.
> George Orwell
>
> Please do not print this email unless it is absolutely necessary.
>
> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.

This disclaimer is pretty useless when you're sending the message to a
mailing list.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list