From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTPS id 2633470 for ecs-isp@2rosenthals.com; Wed, 06 Oct 2021 00:26:11 -0400
Received: from [192.168.200.201] (port=49150 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.94.2)
	(envelope-from <paul@smedley.id.au>)
	id 1mXyVE-0005ET-28
	for ecs-isp@2rosenthals.com; Wed, 06 Oct 2021 00:26:00 -0400
Received: from mail-il1-f175.google.com ([209.85.166.175]:46655)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <paul@smedley.id.au>)
	id 1mXyVA-00019P-2y
	for ecs-isp@2rosenthals.com; Wed, 06 Oct 2021 00:25:57 -0400
Received: by mail-il1-f175.google.com with SMTP id w10so1481433ilc.13
        for <ecs-isp@2rosenthals.com>; Tue, 05 Oct 2021 21:25:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=smedley-id-au.20210112.gappssmtp.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=h0rDAFjxK0VCKQ90wgOOJRmTgcMFph+NLBMst5qp6c8=;
        b=Os8pnwRfSUiybqOKkQmk/XJ23pOomefoVgnnx+sH+6nv0Vx7IQ37mse8bOIlyW3rjz
         4ynVAc80uA+G/54scAegOSFAMoVOtuYHC7+AwBh0VGNfRhpcHG+A7lpz0xIniav72QXF
         TqN9Ia//V53aiqVcaga3Bo068XGbI65wd3NJaLuAf3fKhKYifiRzln5PH6Ks31nw7s8H
         sHSBhY3wvIQ/a7rsfVz/C2HlNVJdjN0hZXBFq/mLQlcBjpOw6kFrOD01RLoLSDOxjlkx
         H0aiVVGqDpT3+eHCCbHJ1bCkRj8k0D5NlRFzaxqaJb8LtowuNBjDpdc2y+JXLciY4wyj
         Y6EA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=h0rDAFjxK0VCKQ90wgOOJRmTgcMFph+NLBMst5qp6c8=;
        b=qkEQsjTNHXgf0OAH43ZydA4nn6mKfH1iSiqVT0IG29BXbVuuDD5bOWJSJbmO2UTmeG
         +MPHZjtYf1PXfBaPdghuJi0TMdSNdX3n7M9Zz+YUBzBAuvxrFPk2nZWx5DKbVcS+g8ee
         wojG55Gxm81bMuAsdo4F0q2oEOfBlN7el/JEHtgc0CksfKhOKsS8fp6+tXVgF0eB6s0T
         ikFtfXnX+5T3BV17OG7FmQHsuJwBrbHDJJxhGBNgqRf94KRcith8zBAnhbTdulOi1Vnp
         ZcDQ33Eib5eIgyQCq2WEtpFbuVSPdBONuFIKvOl/PbMGKjGjHc9MXos2Bp1HiK9SYsUx
         Tt+A==
X-Gm-Message-State: AOAM533kV7QO5a2q+DaxyVO0bOXVyKsKtYeH4DcqhfBoDkPRI0IcrJTJ
	sY4Bz1NHTh7aK6M7Se2W0Q32mCKOMLZqxR3Q8zDgTeTP8Xs=
X-Google-Smtp-Source: ABdhPJxN+XY4CA6Q6O4g6PYiXfbKQoFNHqMg+hHgY2HIcWo17emBGQ200kLOnt9AMrt1fMnSIgvQ6Dj5/q9PeGpnUvg=
X-Received: by 2002:a05:6e02:be8:: with SMTP id d8mr5709204ilu.126.1633494355935;
 Tue, 05 Oct 2021 21:25:55 -0700 (PDT)
MIME-Version: 1.0
References: <list-2620142@2rosenthals.com> <list-2633065@2rosenthals.com>
In-Reply-To: <list-2633065@2rosenthals.com>
Date: Wed, 6 Oct 2021 14:55:45 +1030
Message-ID: <CAEtV2=B9t_L7EWcHxVNQyD9HrNSvqDV6big72+e1_gGT1k-8eQ@mail.gmail.com>
Subject: Re: [eCS-ISP] Apache 2.4.49 zero day exploit...
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
Content-Type: multipart/alternative; boundary="000000000000d4177a05cda78ab3"

--000000000000d4177a05cda78ab3
Content-Type: text/plain; charset="UTF-8"

I'll build 2.4.50 as soon as I resolve the issues with APR and using the
tcpip 4.1 interface, but meanwhile anyone concerned should roll back to
2.4.48

Cheers,

Paul

On Wed, 6 Oct 2021, 06:38 Roderick Klein, <ecs-isp@2rosenthals.com> wrote:

> On  2-10-21 11:42, Paul Smedley wrote:
> >
> > Hi All,
> >
> > The key changes with these is that apache2 has been updated to pull in
> > the socket functions from tcpip32.dll rather than so32dll.dll.
> >
> > I don't expect this to make any significant differences in real life,
> > other than it slightly simplifies the build process.
> >
> > https://smedley.id.au/tmp/php-8.0.9-os2-20211002.zip
> > https://smedley.id.au/tmp/httpd-2.4.49-os2-20211002-debug.zip
>
> It seems this Apache version has a zero day exploit.
>
>
> https://therecord.media/apache-fixes-actively-exploited-web-server-zero-day/
>
> Roderick
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message is sent to you because you are subscribed to
>   the mailing list <ecs-isp@2rosenthals.com>.
> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
> Send administrative queries to  <ecs-isp-request@2rosenthals.com>
> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and
> reply to the confirmation email.
> Web archives are publicly available at: http://lists.2rosenthals.com
>
> This list is hosted by Rosenthal & Rosenthal, LLC
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>

--000000000000d4177a05cda78ab3
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">I&#39;ll build 2.4.50 as soon as I resolve the issues wit=
h APR and using the tcpip 4.1 interface, but meanwhile anyone concerned sho=
uld roll back to 2.4.48<br><br><div data-smartmail=3D"gmail_signature">Chee=
rs,<br><br>Paul</div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" =
class=3D"gmail_attr">On Wed, 6 Oct 2021, 06:38 Roderick Klein, &lt;<a href=
=3D"mailto:ecs-isp@2rosenthals.com">ecs-isp@2rosenthals.com</a>&gt; wrote:<=
br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;borde=
r-left:1px #ccc solid;padding-left:1ex">On=C2=A0 2-10-21 11:42, Paul Smedle=
y wrote:<br>
&gt;<br>
&gt; Hi All,<br>
&gt;<br>
&gt; The key changes with these is that apache2 has been updated to pull in=
<br>
&gt; the socket functions from tcpip32.dll rather than so32dll.dll.<br>
&gt;<br>
&gt; I don&#39;t expect this to make any significant differences in real li=
fe,<br>
&gt; other than it slightly simplifies the build process.<br>
&gt;<br>
&gt; <a href=3D"https://smedley.id.au/tmp/php-8.0.9-os2-20211002.zip" rel=
=3D"noreferrer noreferrer" target=3D"_blank">https://smedley.id.au/tmp/php-=
8.0.9-os2-20211002.zip</a><br>
&gt; <a href=3D"https://smedley.id.au/tmp/httpd-2.4.49-os2-20211002-debug.z=
ip" rel=3D"noreferrer noreferrer" target=3D"_blank">https://smedley.id.au/t=
mp/httpd-2.4.49-os2-20211002-debug.zip</a><br>
<br>
It seems this Apache version has a zero day exploit.<br>
<br>
<a href=3D"https://therecord.media/apache-fixes-actively-exploited-web-serv=
er-zero-day/" rel=3D"noreferrer noreferrer" target=3D"_blank">https://there=
cord.media/apache-fixes-actively-exploited-web-server-zero-day/</a><br>
<br>
Roderick<br>
<br>
<br>
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D<br>
This message is sent to you because you are subscribed to<br>
=C2=A0 the mailing list &lt;<a href=3D"mailto:ecs-isp@2rosenthals.com" targ=
et=3D"_blank" rel=3D"noreferrer">ecs-isp@2rosenthals.com</a>&gt;.<br>
To unsubscribe, E-mail to: &lt;<a href=3D"mailto:ecs-isp-off@2rosenthals.co=
m" target=3D"_blank" rel=3D"noreferrer">ecs-isp-off@2rosenthals.com</a>&gt;=
<br>
To switch to the DIGEST mode, E-mail to &lt;<a href=3D"mailto:ecs-isp-diges=
t@2rosenthals.com" target=3D"_blank" rel=3D"noreferrer">ecs-isp-digest@2ros=
enthals.com</a>&gt;<br>
To switch to the INDEX mode, E-mail to &lt;<a href=3D"mailto:ecs-isp-index@=
2rosenthals.com" target=3D"_blank" rel=3D"noreferrer">ecs-isp-index@2rosent=
hals.com</a>&gt;<br>
Send administrative queries to=C2=A0 &lt;<a href=3D"mailto:ecs-isp-request@=
2rosenthals.com" target=3D"_blank" rel=3D"noreferrer">ecs-isp-request@2rose=
nthals.com</a>&gt;<br>
To subscribe (new addresses), E-mail to: &lt;<a href=3D"mailto:ecs-isp-on@2=
rosenthals.com" target=3D"_blank" rel=3D"noreferrer">ecs-isp-on@2rosenthals=
.com</a>&gt; and reply to the confirmation email.<br>
Web archives are publicly available at: <a href=3D"http://lists.2rosenthals=
.com" rel=3D"noreferrer noreferrer" target=3D"_blank">http://lists.2rosenth=
als.com</a><br>
<br>
This list is hosted by Rosenthal &amp; Rosenthal, LLC<br>
P.O. Box 281, Deer Park, NY 11729-0281. Non-<br>
electronic communications related to content<br>
contained in these messages should be directed<br>
to the above address. (CAN-SPAM Act of 2003)<br>
<br>
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D<br>
<br>
</blockquote></div>

--000000000000d4177a05cda78ab3--