Hi,
I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as
well. My concern is about the two vulnerabilities
(htp://www.securityfocus.com/bid/10736/info,
htp://www.securityfocus.com/bid/4189/info). I do not have any information
whether or not these two vulnerabilities still exist or have been fixed in the
mod_ssl provided with apache sources 2.2.8.
After googling I could find out that these are solved in mod_ssl 2.8.19.
Now to fix this I am thinking/trying the following:
- Check the version of mod_ssl bundled with apache 228. If this ver is greater
than 2.8.19 then these vulnerabilities must have been fixed. I do not know how
to determine the version of mod_ssl here.
- Download the mod_ssl latest version from modssl.org and force (since
modssl.org does not provide sources for apache 2.x ver; it provides only for
apache 1.3.x series) its installation with latest apache 228 ver. Since,
mod_ssl version here is not built for apache 2.x series, I may end up creating
more problems for myself.
Forgot the famous last words? Access your message archive online at
http://in.messenger.yahoo.com/webmessengerpromo.php
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
