| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: draht at suse.de (Roman Drahtmueller)
Subject: OpenSSL problem: is mod_ssl also vulnerable?
>
> The key to the openssl issue is the same here, get fixed openssl sources,
> and recompile with them as the reference bases just as with mod-ssl
> appache 1.3.x.
>
> Now for those with less then trust worthy local users <smile>, and relying
> upon apache 1.3.x/mod-ssl/libmm compiles, there is the additional question
> of whther there is a new mm package available.
>
There is: Ralf Engelschall has published a new version. See
Homepage: http://www.ossp.org/pkg/lib/mm/
Release: ftp://www.ossp.org/pkg/lib/mm/mm-1.2.0.tar.gz
Patch: ftp://www.ossp.org/pkg/lib/mm/mm-1.1.3-sec.patch
Again, same procedure as with mod_ssl/openssl: As long as your apache
module (/usr/lib/apache/libssl.so) is linked dynamically against the
openssl libraries and as long as your apache daemon (/usr/sbin/httpd) is
linked dynamically against libmm, you can simply update the respective
package that contains the library and restart the webserver, it should run
fine.
If you upgrade the version of one or more of the packages, you will have
to recompile.
> Thanks,
> Ron DuFresne
Thanks,
Roman.
--
- -
| Roman Drahtm?ller <draht@...e.de> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| N?rnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -
Powered by blists - more mailing lists