RE: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Sharon Zastre
Thank you Nick for quickly looking into a solution/workaround for the shellshock vulnerability. But I'm confused as to how to implement it. I am currently at Apache 2.4.9 with OpenSSL 1.0.1g. Do I need to upgrade to 2.4.10 or 2.5(?) first? Will it simply be in the install and I include

Re: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Nick Kew
On 29 Sep 2014, at 17:35, Sharon Zastre wrote:
> Thank you Nick for quickly looking into a solution/workaround for the shellshock vulnerability. But I'm confused as to how to implement it. I am currently at Apache 2.4.9 with OpenSSL 1.0.1g. Do I need to upgrade to 2.4.10 or 2.5(?)

RE: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Sharon Zastre
[mailto:n...@webthing.com]
Sent: Monday, September 29, 2014 12:59 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Proposed simple shell-shock protection

On 29 Sep 2014, at 17:35, Sharon Zastre wrote:
> Thank you Nick for quickly looking into a solution/workaround for the shellshock

Re: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Pete Houston
On Mon, Sep 29, 2014 at 01:09:19PM -0500, Sharon Zastre wrote:
> Is it safe to assume that a fix/patch/upgrade will become available to address the shellshock vulnerability?

Yes, but not in apache. The vulnerability dubbed shellshock is a flaw in bash and patches and upgrades are already widely

Re: [users@httpd] Proposed simple shell-shock protection

2014-09-29 Thread Nick Kew
On 29 Sep 2014, at 19:41, Pete Houston wrote:
> It is not a flaw in apache. Apache is simply a network-enabled channel through which exploitative payloads may be delivered to unpatched installations of bash (one of many such channels).

Yep. mod_taint (or any other Apache-based solution) is