On 29 Sep 2014, at 17:35, Sharon Zastre wrote: > Thank you Nick for quickly looking into a solution/work around for the > shellshock vulnerability. But I'm confused as to how to implement it. I am > currently at Apache 2.4.9 with OpenSSL 1.0.1g. Do I need to upgrade to > 2.4.10 or 2.5(?) first? Will it simply be in the install and I include > mod_taint in the config file? Or is this a separate download that I need to > run?
No, you don't need to upgrade anything. Just build the module. with your existing 2.2.x or 2.4.x. Maybe even 2.0.x: I haven't tried! If you don't know how, the tool you need is apxs, and the server docs explain how to use it. You should also be aware that if you're not accustomed to getting your hands dirty, you might find it too 'bleeding edge'. I just had a bug report a few hours ago and have yet to find time to investigate. -- Nick Kew --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
