enterprise-support team mailing list archive

Thread
Date

[Bug 1077434] Re: Apache 2.2.14 Server Status no longer available

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Robie Basak <1077434@xxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Nov 2012 20:47:51 -0000
Reply-to: Bug 1077434 <1077434@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Sorry, based on your original description I was under the impression
that you had upgraded from 8.04 to 10.04, rather than having just
applied an update within the same release.

There was a recent SSL-related security update:

  * SECURITY UPDATE: CRIME attack ssl attack (LP: #1068854)
    - debian/patches/303_CVE-2012-4929.dpatch: backport SSLCompression
      on|off directive. Defaults to off as enabling compression enables the
      CRIME attack.
    - CVE-2012-4929

I wonder if this is related.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4929

** Changed in: apache2 (Ubuntu)
       Status: Invalid => New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1077434

Title:
  Apache 2.2.14 Server Status no longer available

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1077434/+subscriptions