[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker <ml@well-adjusted.de> wrote:

> Thinking about this … what I actually use is mod_spdy which is not
> linked against libssl. It probably has the same bug …

> Yes, here it is:
> https://code.google.com/p/mod-spdy/issues/detail?id=85

> | Note that just disabling the spdy module in Apache won't work, because
> | the SSL library itself is replaced. Easiest fix on Debian is to remove
> | the mod-spdy package from the system (for now).

> Thanks for helping me to find this. After removing mod-spdy-beta
> and stopping and starting Apache, the test tools deem my system safe.

Ürx, nasty one. 

I presume mod_spdy is not from any offical package (cannot find any
package matching "spdy" in Debian anywhere) but a module compiled by
yourself?

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.
Reply to: