httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred K <fre...@gmail.com>
Subject [users@httpd] Is httpd impacted by openssl asn1 CVE?
Date Sat, 21 Mar 2015 20:18:37 GMT
Hi

In this week's openssl security announcement were two moderate CVE related
to asn1.
- when/where does the Apache httpd server (e.g. 2.4.12) actually use asn1?
- does apache rely on openssl for asn1 and do we need to be concerned
about:
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)

Thank you very much - Fred

Mime
View raw message