Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Jochen Spieker <ml@well-adjusted.de> wrote:
> Thinking about this … what I actually use is mod_spdy which is not
> linked against libssl. It probably has the same bug …
> Yes, here it is:
> https://code.google.com/p/mod-spdy/issues/detail?id=85
> | Note that just disabling the spdy module in Apache won't work, because
> | the SSL library itself is replaced. Easiest fix on Debian is to remove
> | the mod-spdy package from the system (for now).
> Thanks for helping me to find this. After removing mod-spdy-beta
> and stopping and starting Apache, the test tools deem my system safe.
Ürx, nasty one.
I presume mod_spdy is not from any offical package (cannot find any
package matching "spdy" in Debian anywhere) but a module compiled by
yourself?
Grüße,
Sven.
--
Sigmentation fault. Core dumped.
Reply to: