Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 83277 invoked from network); 7 Oct 2003 18:09:18 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 7 Oct 2003 18:09:18 -0000 Received: (qmail 77626 invoked by uid 500); 7 Oct 2003 18:08:41 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 77605 invoked by uid 500); 7 Oct 2003 18:08:41 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 77570 invoked from network); 7 Oct 2003 18:08:41 -0000 Received: from unknown (HELO harrier.mail.pas.earthlink.net) (207.217.120.12) by daedalus.apache.org with SMTP; 7 Oct 2003 18:08:41 -0000 Received: from dialup-67.30.19.195.dial1.dallas1.level3.net ([67.30.19.195] helo=RUFF01) by harrier.mail.pas.earthlink.net with smtp (Exim 3.33 #1) id 1A6wGL-0002S2-00 for users@httpd.apache.org; Tue, 07 Oct 2003 11:08:45 -0700 Message-ID: <006301c38cfe$0cf46170$c3131e43@RUFF01> From: "Jeff White" To: References: <20031005201635.PTSX28253.mf2@ubbe> <3F809440.9E4BA095@onetel.net.uk> <003b01c38c15$964ee2e0$6701a8c0@enterprise> Date: Tue, 7 Oct 2003 13:03:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Proxy garbles "special" characters X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N From: "Leif W" > > HTTP/1.1 200 OK > Date: Mon, 06 Oct 2003 14:18:22 GMT > Server: Apache/2.0.47 (Unix) mod_ssl/2.0.47 > OpenSSL/0.9.7b An open-source group that maintains software for securing communications released a patch on Tuesday to fix several vulnerabilities that were found during a security test by the U.K. government. The security flaws exist in the OpenSSL Project's version of the secure sockets layer (SSL) software used by Web sites and browsers to cryptographically secure data. Two of the flaws could lead to a denial-of-service attack, and a third may allow an attacker to break into a system from the Internet. Snip Not to be confused with the OpenSSH project--SSH stands for secure shell--which has patched its software twice in the last month, the OpenSSL Project develops and maintains an open-source version of SSL software. A year ago, the Slapper worm infected Linux computers that hadn't been patched to fix a different hole in the same software. Open-source group plugs three holes http://zdnet.com.com/2100-1105_2-5085327.html?tag=zdfd.newsfeed OpenSSL Flaws Loom Over Internet Security http://www.securityfocus.com/news/7103 October 2, 2003 There are multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. OpenSSL versions prior to 0.9.7c and 0.9.6k CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations http://www.cert.org/advisories/CA-2003-26.html Jeff --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org