Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [suse-security] apache2 patch
From: John (isofronicc.uoi.gr)
Date: Thu Jul 28 2005 - 03:02:12 CDT
From: Reto Inversini <inversinidatacomm.ch>
Date: Wednesday, July 27, 2005, 11:02:54 PM
Subject: [suse-security] apache2 patch
Wednesday, July 27, 2005, 11:02:54 PM, you wrote:
> John wrote:
>> hello all
> Hi John
>> I noticed that /usr/sbin/httpd2-prefork has new timestamp (22/jul) but
>> the same size (in bytes) with the older one.
> AFAIK the patch was just a small one, the vulnerability is a off-by-one
> error in mod_ssl. What exactly has changed can be found here:
>> Can anyone explain to me what does this mean?
>> How the patch has fit in that binary and the size remains the same?
> If you want to be totally sure, if you have got the changed binary in
> your chroot environment calculate an md5 hash over the old and the new
> file, the md5sums should differ.
Ok, i saw that piece of code.
But how the binary be the same
YOU downloaded the apache2-prefork*.rpm and apache2-*.rpm
The above rpms installed at once. So the old binaries must have been
overwriten but they have the same size excactly.
md5sum outputs the hash of the file size
I will then receive the same hash for the old and the new binary
httpd2-prefork, won't i?
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here