mailing list archives
OpenSSL problem: is mod_ssl also vulnerable?
From: full-disclosure () lists netsys com (Roman Drahtmueller)
Date: Wed, 31 Jul 2002 15:10:52 +0200 (MEST)
The key to the openssl issue is the same here, get fixed openssl sources,
and recompile with them as the reference bases just as with mod-ssl
Now for those with less then trust worthy local users <smile>, and relying
upon apache 1.3.x/mod-ssl/libmm compiles, there is the additional question
of whther there is a new mm package available.
There is: Ralf Engelschall has published a new version. See
Again, same procedure as with mod_ssl/openssl: As long as your apache
module (/usr/lib/apache/libssl.so) is linked dynamically against the
openssl libraries and as long as your apache daemon (/usr/sbin/httpd) is
linked dynamically against libmm, you can simply update the respective
package that contains the library and restart the webserver, it should run
If you upgrade the version of one or more of the packages, you will have
| Roman Drahtmüller <draht () suse de> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |