Anonymous | Login | 2024-03-29 16:10 CET |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005174 | [apache2] upgrade | minor | have not tried | 2014-05-26 15:17 | 2016-09-27 13:34 | ||
Reporter | briandking | View Status | public | ||||
Assigned To | dam | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005174: Update mod_ssl to be based on openssl 1.0.1g for heartbleed bug | ||||||
Description |
Mod_ssl packaged with the current CSWapache2 appears to be based on a version of openssl that was vulnerable to the heartbleed bug: bash-3.2# strings /opt/csw/apache2/libexec/mod_ssl.so | grep -i openssl ... OpenSSL 1.0.1f 6 Jan 2014 A newer version of the apache 2.2 line is released as well, which contains a couple of security fixed. CSWapache2 is currently at 2.2.26 and the current apache release is 2.2.27: http://www.apache.org/dist/httpd/Announcement2.2.html [^] |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010844) dam (administrator) 2014-06-02 09:20 |
Regarding OpenSSL: It shouldn't matter which string is put inside mod_ssl, look at the actual shared library binding: root@web [web]:/root > ldd -r /opt/csw/apache2/libexec/mod_ssl.so | less libssl.so.1.0.0 => /opt/csw/lib/sparcv8plus+vis/libssl.so.1.0.0 libcrypto.so.1.0.0 => /opt/csw/lib/sparcv8plus+vis/libcrypto.so.1.0.0 ... which is part of OpenSSL 1.0.1g: root@web [web]:/root > pkginfo -x CSWlibssl1-0-0 CSWlibssl1-0-0 libssl1_0_0 - Openssl 1.0 runtime libraries (sparc) 1.0.1g,REV=2014.04.08 I just started rerolling 2.2.27. |
(0010846) dam (administrator) 2014-06-02 11:38 |
An updated Apache 2.2.27 will show up here soon: http://buildfarm.opencsw.org/experimental.html#apache22 [^] Please let me know if to works so I can push it to unstable/. |
(0011192) briandking (reporter) 2016-09-26 17:15 |
This issue can be closed |
Copyright © 2000 - 2008 Mantis Group |