Home page logo

fulldisclosure logo Full Disclosure mailing list archives

OpenSSL problem: is mod_ssl also vulnerable?
From: full-disclosure () lists netsys com (Roman Drahtmueller)
Date: Wed, 31 Jul 2002 15:10:52 +0200 (MEST)

The key to the openssl issue is the same here, get fixed openssl sources,
and recompile with them as the reference bases just as with mod-ssl
appache 1.3.x.

Now for those with less then trust worthy local users <smile>, and relying
upon apache 1.3.x/mod-ssl/libmm compiles, there is the additional question
of whther there is a new mm package available.

There is: Ralf Engelschall has published a new version. See

    Homepage: http://www.ossp.org/pkg/lib/mm/
    Release:   ftp://www.ossp.org/pkg/lib/mm/mm-1.2.0.tar.gz
    Patch:     ftp://www.ossp.org/pkg/lib/mm/mm-1.1.3-sec.patch

Again, same procedure as with mod_ssl/openssl: As long as your apache
module (/usr/lib/apache/libssl.so) is linked dynamically against the
openssl libraries and as long as your apache daemon (/usr/sbin/httpd) is
linked dynamically against libmm, you can simply update the respective
package that contains the library and restart the webserver, it should run

If you upgrade the version of one or more of the packages, you will have
to recompile.

Ron DuFresne

 -                                                                      -
| Roman Drahtm├╝ller      <draht () suse de> // "You don't need eyes to see, |
  SuSE Linux AG - Security       Phone: //             you need vision!"
| N├╝rnberg, Germany     +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]