LWN.net Logo

Updated Apache advisory and response from ISS

The Apache Software Foundation has issued an updated advisory on the "chunk handling" vulnerability. Now that a 32-bit remote exploit is circulating, an Apache upgrade is suggested even more urgently than before.

Meanwhile, ISS has sent out a response to the extensive criticism it has taken for having announced the vulnerability without allowing the ASF (or anybody else) any time to prepare patches. "Due to the general nature of open-source and its openness, the virtual organizations behind the projects do not have an ability to enforce strict confidentiality. By notifying the open source project, its nature is that the information is quickly spread in the wild disregarding any type of quiet period. ISS X-Force minimizes the quiet period and delay of protecting customers by providing a security patch." If you haven't already, see this week's Leading Items for our opinion.

See the vulnerability report for current information on this problem and distributor alerts.



Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds