Re: OpenSSL Heartbleed bug, Apache still vulnerable?

To: debian-user@lists.debian.org
Subject: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
From: Sven Hartge <sven@svenhartge.de>
Date: Tue, 8 Apr 2014 22:34:48 +0200
Message-id: <[🔎] 6aj4bdl2liv8@mids.svenhartge.de>
References: <[🔎] 20140408144912.GA21675@well-adjusted.de> <[🔎] 53441672.1000604@gmail.com> <[🔎] 20140408171554.GC21675@well-adjusted.de> <[🔎] 2aj41372liv8@mids.svenhartge.de> <[🔎] 20140408190254.GD21675@well-adjusted.de>

Jochen Spieker <ml@well-adjusted.de> wrote:

> Thinking about this … what I actually use is mod_spdy which is not
> linked against libssl. It probably has the same bug …

> Yes, here it is:
> https://code.google.com/p/mod-spdy/issues/detail?id=85

> | Note that just disabling the spdy module in Apache won't work, because
> | the SSL library itself is replaced. Easiest fix on Debian is to remove
> | the mod-spdy package from the system (for now).

And a fix has been comitted:

https://code.google.com/p/mod-spdy/issues/detail?id=85#c2
https://code.google.com/p/mod-spdy/source/detail?r=408

S°

-- 
Sigmentation fault. Core dumped.

Reply to:

References:
- OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Sven Hartge <sven@svenhartge.de>
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Next by Date: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Previous by thread: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Next by thread: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Index(es):
- Date
- Thread