Full Disclosure mailing list archives
OpenSSL problem: is mod_ssl also vulnerable?
From: full-disclosure () lists netsys com (Roman Drahtmueller)
Date: Wed, 31 Jul 2002 15:10:52 +0200 (MEST)
The key to the openssl issue is the same here, get fixed openssl sources, and recompile with them as the reference bases just as with mod-ssl appache 1.3.x. Now for those with less then trust worthy local users <smile>, and relying upon apache 1.3.x/mod-ssl/libmm compiles, there is the additional question of whther there is a new mm package available.
There is: Ralf Engelschall has published a new version. See Homepage: http://www.ossp.org/pkg/lib/mm/ Release: ftp://www.ossp.org/pkg/lib/mm/mm-1.2.0.tar.gz Patch: ftp://www.ossp.org/pkg/lib/mm/mm-1.1.3-sec.patch Again, same procedure as with mod_ssl/openssl: As long as your apache module (/usr/lib/apache/libssl.so) is linked dynamically against the openssl libraries and as long as your apache daemon (/usr/sbin/httpd) is linked dynamically against libmm, you can simply update the respective package that contains the library and restart the webserver, it should run fine. If you upgrade the version of one or more of the packages, you will have to recompile.
Thanks, Ron DuFresne
Thanks, Roman. -- - - | Roman Drahtmüller <draht () suse de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -
Current thread:
- OpenSSL problem: is mod_ssl also vulnerable? Peter Bieringer (Jul 30)
- OpenSSL problem: is mod_ssl also vulnerable? Jedi/Sector One (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Helmut Springer (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Thomas Oppel (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Ron DuFresne (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Roman Drahtmueller (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Ron DuFresne (Jul 31)
- OpenSSL problem: is mod_ssl also vulnerable? Jedi/Sector One (Jul 31)