httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nitin dubey <nitz_t...@yahoo.com>
Subject [users@httpd] Regarding mgmt. of mod_ssl and Apache versions (vulnerabilities)
Date Thu, 21 Feb 2008 13:58:30 GMT
Hi, 

I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as well.  My concern
is about the two vulnerabilities (htp://www.securityfocus.com/bid/10736/info, htp://www.securityfocus.com/bid/4189/info).
 I do not have any information whether or not these two vulnerabilities still exist or have
been fixed in the mod_ssl provided with apache sources 2.2.8.

After googling I could find out that these are solved in mod_ssl 2.8.19.  

Now to fix this I am thinking/trying the following:
- Check the version of mod_ssl bundled with apache 228.  If this ver is greater than 2.8.19
then these vulnerabilities must have been fixed.  I do not know how to determine the version
of mod_ssl here.

- Download the mod_ssl latest version from modssl.org and force (since modssl.org does not
provide sources for apache 2.x ver; it provides only for apache 1.3.x series) its installation
with latest apache 228 ver.  Since, mod_ssl version here is not built for apache 2.x series,
I may end up creating more problems for myself.




      Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message