I will admit that I am far from an advanced user of Apache. So for now I think I will hold off on trying to create the module. Is it safe to assume that a fix/patch/upgrade will become available to address the shellshock vulnerability? Thanks, Sharon -----Original Message----- From: Nick Kew [mailto:nick@xxxxxxxxxxxx] Sent: Monday, September 29, 2014 12:59 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: Proposed simple shell-shock protection On 29 Sep 2014, at 17:35, Sharon Zastre wrote: > Thank you Nick for quickly looking into a solution/work around for the shellshock vulnerability. But I'm confused as to how to implement it. I am currently at Apache 2.4.9 with OpenSSL 1.0.1g. Do I need to upgrade to 2.4.10 or 2.5(?) first? Will it simply be in the install and I include mod_taint in the config file? Or is this a separate download that I need to run? No, you don't need to upgrade anything. Just build the module. with your existing 2.2.x or 2.4.x. Maybe even 2.0.x: I haven't tried! If you don't know how, the tool you need is apxs, and the server docs explain how to use it. You should also be aware that if you're not accustomed to getting your hands dirty, you might find it too 'bleeding edge'. I just had a bug report a few hours ago and have yet to find time to investigate. -- Nick Kew --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|