httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject httpd response to openssl worm
Date Tue, 17 Sep 2002 02:00:01 GMT

Wouldn't it be a good idea for us to put out an advisory to the usual
places (announce@...) summarizing all the recent security stuff including
the openssl worm (commonly called an "apache worm")?  Neither the openssl
site, nor the mod_ssl site, nor the apache-ssl site seem to have any
prominent mention of this thing.

Even though it is not apache code at fault, I think it would be a good
service to our users to make the problem and solution more widely known.
It would also be a good opportunity to remind people to upgrade to safe
versions of httpd to fix the chunking bug, etc.

Joshua.


Mime
View raw message