mailing list archives
OpenSSL problem: is mod_ssl also vulnerable?
From: full-disclosure () lists netsys com (Ron DuFresne)
Date: Wed, 31 Jul 2002 07:31:06 -0500 (CDT)
And since I made this request for info on another list, relating to libmm
sources, here is the answer:
yes, there is a new version of mm available on
( Status: Stable Version: 1.2.1 (28-Jul-2002) )
The advisory is here:
On Wed, 31 Jul 2002, Thomas Oppel wrote:
Am Mittwoch, 31. Juli 2002 09:13 schrieb Jedi/Sector One:
On Wed, Jul 31, 2002 at 08:50:31AM +0200, Peter Bieringer wrote:
does anyone know whether mod_ssl (used with Apache 1.3) is also
vulnerable. Currently, last version seen on their webpage is 2.8.10
(24 June 2002).
Yes, the OpenSSL vulnerability can be triggered through mod_ssl.
But you don't need a new mod_ssl version to be safe against it. Only
bring OpenSSL up to date, and your mod_ssl module will be safe.
And what about apache-2.0.39 with SSL enabled?
Nothing on apache.org so far.
apache-2.0.x includes code from the mod_ssl project I guess, right?
thomas.oppel () arenfels de
Full-Disclosure - We believe in it.
Full-Disclosure () lists netsys com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.