Re: Apache 2.039
On Thu, 8 Aug 2002, Cliff Woolley wrote:
> Upgrade to 0.9.6e.

Make that 0.9.6f, released today. :)

--Cliff
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote:
> Make that 0.9.6f, released today. :)

That's what I get for not reading all of my email before responding to any of it. 0.9.6g was also released today. Sigh. :)

Re: Apache 2.039
On Friday 09 August 2002 04:27 pm, Cliff Woolley wrote:
> On Thu, 8 Aug 2002, Cliff Woolley wrote:
> > Upgrade to 0.9.6e.
>
> Make that 0.9.6f, released today. :)

g, just a few minutes ago..

RE: Apache 2.039
Followed your instruction, finally got every configuration done. But server won't start with following message in error_log,

[Fri Aug 09 11:49:29 2002] [warn] Init: PRNG still contains not sufficient entropy!
[Fri Aug 09 11:49:32 2002] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed

Thanks.

-----Original Message-----
From: Daniel Lopez [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 08, 2002 2:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.039

Have a look at http://www.apacheworld.org/ty24/site.chapter17.html
That is a chapter I have online that explains step by step how to build Apache 2 with SSL support.

> When I run configure --with-ssl=$directory_of_open_ssl, it complained that it can't find ssl toolkit library. Did I do anything wrong?
>
> Thanks.
>
> Wei
>
> -----Original Message-----
> From: Cliff Woolley [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 08, 2002 1:50 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Apache 2.039
>
> On Thu, 8 Aug 2002, Tony Jarriault wrote:
> > I'm searching for openssl for Apache 2.039, where can I find it, please?
>
> I assume you mean mod_ssl, not openssl. mod_ssl is bundled with Apache 2.0.x -- check your copy of Apache 2.0 and you'll find that it's already there (caveat: we do not distribute binaries of mod_ssl, only source code). OpenSSL is the same regardless of what mod_ssl you use and is available at www.openssl.org.
>
> --Cliff
>
> PS: Can we PLEASE add this to the FAQ or even the main modssl.org site?

Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote:
> That's what I get for not reading all of my email before responding to any of it. 0.9.6g was also released today. Sigh. :)

I guess today was the day for releases. Apache 2.0.40 is now out as well.

--Cliff

Re: Apache 2.039
On Fri, 9 Aug 2002, Cliff Woolley wrote:
> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> > That's what I get for not reading all of my email before responding to any of it. 0.9.6g was also released today. Sigh. :)
>
> I guess today was the day for releases. Apache 2.0.40 is now out as well.

Any word on if this compiles on those older linux kernels as the previous release was a total dud in that realm?

Thanks,

Ron DuFresne
--
~~
admin senior security consultant: sysinfo.com
http://sysinfo.com

Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart

testing, only testing, and damn good at it too!

Re: Apache 2.039
This is a security fix release for those using apache in Cygwin environments!

<quote>

Date: Fri, 9 Aug 2002 22:07:52 +0100 (BST)
From: Mark J Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED], Full Disclosure [EMAIL PROTECTED], Vuln-Dev [EMAIL PROTECTED]
Subject: [Full-Disclosure] Apache 2.0 vulnerability affects non-Unix platforms

-----BEGIN PGP SIGNED MESSAGE-----

For Immediate Disclosure

=== SUMMARY

Title: Apache 2.0 vulnerability affects non-Unix platforms
Date: 9th August 2002
Revision: 2
Product Name: Apache HTTP server 2.0
OS/Platform: Windows, OS2, Netware
Permanent URL: http://httpd.apache.org/info/security_bulletin_20020809a.txt
Vendor Name: Apache Software Foundation
Vendor URL: http://httpd.apache.org/
Affects: All Released versions of 2.0 through 2.0.39
Fixed in: 2.0.40
Identifiers: CAN-2002-0661

=== DESCRIPTION

Apache is a powerful, full-featured, efficient, and freely-available Web server. On the 7th August 2002, The Apache Software Foundation was notified of the discovery of a significant vulnerability, identified by Auriemma Luigi [EMAIL PROTECTED].

This vulnerability has the potential to allow an attacker to inflict serious damage to a server, and reveal sensitive data. This vulnerability affects default installations of the Apache web server.

Unix and other variant platforms appear unaffected. Cygwin users are likely to be affected.

=== SOLUTION

A simple one line workaround in the httpd.conf file will close the vulnerability. Prior to the first 'Alias' or 'Redirect' directive, add the following directive to the global server configuration:

    RedirectMatch 400 \\\.\.

Fixes for this vulnerability are also included in Apache HTTP server version 2.0.40. The 2.0.40 release also contains fixes for two minor path-revealing exposures. This release of Apache is available at http://www.apache.org/dist/httpd/

</quote> and <SNIP>

Thanks,

Ron DuFresne

On Fri, 9 Aug 2002, Cliff Woolley wrote:
> On Fri, 9 Aug 2002, Cliff Woolley wrote:
> > That's what I get for not reading all of my email before responding to any of it. 0.9.6g was also released today. Sigh. :)
>
> I guess today was the day for releases. Apache 2.0.40 is now out as well.
>
> --Cliff

Re: Apache 2.039
On Fri, 9 Aug 2002, R. DuFresne wrote:
> Any word on if this compiles on those older linux kernels as the previous release was a total dud in that realm?

Probably no change. But FWIW, I believe one of our developers tried it on an older kernel and it worked fine for him... if you could provide access to a box it fails on to one of the core dev team, that might help.

--Cliff

Re: Apache 2.039
Gregg Andrew wrote:
> Openssl.org version 0.9.6e

Do you know what is different between 0.9.6b and 0.9.6e? Because I know there are some users who are using 0.9.6b; I think 0.9.6b is an older version... But if I use the new version of Apache (e.g. 1.3.26), is 0.9.6e good to use? I failed to install 0.9.6d!

Re: Apache 2.039
On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:
> Do you know what is different between 0.9.6b and 0.9.6e

Among other things, there are important security fixes in 0.9.6e (for remotely exploitable bugs in 0.9.6d and earlier versions). Upgrade to 0.9.6e.

--Cliff

Re: Apache 2.039
Cliff Woolley wrote:
> On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:
> > Do you know what is different between 0.9.6b and 0.9.6e
>
> Among other things, there are important security fixes in 0.9.6e (for remotely exploitable bugs in 0.9.6d and earlier versions). Upgrade to 0.9.6e.

So, do you agree that compiling and installing apache 1.3.26, php 4.2.2, MySQL 3.23.51, OpenSSL 0.9.6e and mod_ssl 2.8.10-1.3.26 is good for working together under Linux / Unix / other OS systems?

Thanks for your help!