Dekar: Did you actually test this at all? Please provide some evidence to support your claims.
You have said that you believe this issue is:
> A real problem, exploitable for many people in a default
> installation. Includes serious remote denial of services,
> local root privilege escalations, or data loss.
The default installation, when one installs apache2 using
sudo apt-get install apache2
uses the apache2-mpm-prefork module, not apache2-mpm-worker. The article by LiraNuna clearly states:
I assume you are using the threaded version of Apache, else you are not vulnerable to this type of attack.
Please justify your claims about this being a high priority issue, affecting many people in the default installation, in the light of this.
More generally, if you believe this to be a significant issue for many people, rather than making unfounded statements here, please do the community a service and package the module that you wish to see included in Ubuntu :)
Dekar: Did you actually test this at all? Please provide some evidence to support your claims.
You have said that you believe this issue is:
> A real problem, exploitable for many people in a default
> installation. Includes serious remote denial of services,
> local root privilege escalations, or data loss.
The default installation, when one installs apache2 using
sudo apt-get install apache2
uses the apache2-mpm-prefork module, not apache2-mpm-worker. The article by LiraNuna clearly states:
I assume you are using the threaded version of Apache, else you are not vulnerable to this type of attack.
Please justify your claims about this being a high priority issue, affecting many people in the default installation, in the light of this.
More generally, if you believe this to be a significant issue for many people, rather than making unfounded statements here, please do the community a service and package the module that you wish to see included in Ubuntu :)