[apache2 0005174]: Update mod_ssl to be based on openssl 1.0.1g for heartbleed bug
Mantis Bug Tracker via bug-notifications
bug-notifications at lists.opencsw.org
Tue Sep 27 13:34:00 CEST 2016
The following issue has been CLOSED
======================================================================
https://www.opencsw.org/mantis/view.php?id=5174
======================================================================
Reported By: briandking
Assigned To: dam
======================================================================
Project: apache2
Issue ID: 5174
Category: upgrade
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: closed
Resolution: open
Fixed in Version:
======================================================================
Date Submitted: 2014-05-26 15:17 CEST
Last Modified: 2016-09-27 13:33 CEST
======================================================================
Summary: Update mod_ssl to be based on openssl 1.0.1g for
heartbleed bug
Description:
Mod_ssl packaged with the current CSWapache2 appears to be based on a
version of openssl that was vulnerable to the heartbleed bug:
bash-3.2# strings /opt/csw/apache2/libexec/mod_ssl.so | grep -i openssl
...
OpenSSL 1.0.1f 6 Jan 2014
A newer version of the apache 2.2 line is released as well, which contains
a couple of security fixed. CSWapache2 is currently at 2.2.26 and the
current apache release is 2.2.27:
http://www.apache.org/dist/httpd/Announcement2.2.html
======================================================================
----------------------------------------------------------------------
(0011192) briandking (reporter) - 2016-09-26 17:15
https://www.opencsw.org/mantis/view.php?id=5174#c11192
----------------------------------------------------------------------
This issue can be closed
More information about the bug-notifications
mailing list