[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Applying new OpenSSL patch to mod_ssl for Raq4
- Subject: [cobalt-security] Applying new OpenSSL patch to mod_ssl for Raq4
- From: "Ian" <cobalt@xxxxxxxxxxxxx>
- Date: Fri, 28 Mar 2003 12:51:43 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
Due to the new vulnerability in openssl (see below), I decided to
recompile mod_ssl for apache.
http://www.openssl.org/news/secadv_20030317.txt
During the process I copied everything down and have placed
instructions here (html):
http://www.fishnet.co.uk/support/cobalt/mod_ssl/index.html
or as a text file:
http://www.fishnet.co.uk/support/cobalt/mod_ssl/config_mod_ssl.txt
These instructions are for a Raq4 with Apache 1.3.20. (Based on
instructions from Gerald Waugh.)
I do not know if it is possible to expolit the vulnerability or
whether one exists, but better safe than sorry !
The fact that openssl have not released a new version probably says
it all.
DISCLAIMER: I have provided these instructions for information only.
If this breaks your mod_ssl this is in no way my fault. Just
reinstall the backup. It worked for me.
Regards
Ian Gibbons
--