I upgraded OpenSSL to the latest version (as per the recent GLSA). Unfortunately my Apache (2.0.47) server string still reads:
"Apache/2.0.47 (Gentoo/Linux) DAV/2 mod_ssl/2.0.47 OpenSSL/0.9.6j PHP/4.3.2 Server at luna.fea Port 80"
I guess this implies that Apache is still using the old (vulnerable?) version of OpenSSL. Do I have to re-emerge apache to for it to use the new OpenSSL Library?
Did you restart Apache? Try '/etc/init.d/apache2 restart'
-- Andrew Gaffney
-- [EMAIL PROTECTED] mailing list