[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 532-1] New libapache-mod-ssl packages fix multiple vulnerabilities

On Tue, Jul 27, 2004 at 01:01:10PM +0200, Rhesa Rozendaal wrote:

> The main reason is that it adds the line
> 	LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
> to the apache config file /etc/apache/httpd.conf.
> Here's why this breaks my setup: I run two instances of apache, a 
> light-weight frontend server that handles static content and proxies 
> dynamic requests to a big backend mod_perl instance that runs on
> the internal interface only. This is a common mod_perl configuration.
> In my case, the frontend handles SSL connections. Its config file is 
> /etc/apache/ht-light.conf.
> The backend instance uses the original filename /etc/apache/httpd.conf.
> The frontend is already bound to port 443. The backend tried to restart, 
> but now has a load mod_ssl line, and can't start. And now our 
> application won't run...

It is unfortunate that this caused a problem for you, but it was not the
resul of the security update.  The woody Apache packages have always worked
this way, and will modify /etc/apache/httpd.conf.  There is no way for the
packaging system to know that you are using /etc/apache/ht-light.conf
instead.  If you are running multiple instances, I would suggest that you
use /etc/apache/httpd.conf only for the instance started by the package, and
use a different config file for your custom build.

However, I refer you to the debian-apache list for more information about
this (sometimes unfortunate) behaviour.

 - mdz

Reply to: