Is httpd impacted by openssl asn1 CVE?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Is httpd impacted by openssl asn1 CVE?
From: Fred K <fredk2@xxxxxxxxx>
Date: Sat, 21 Mar 2015 16:18:37 -0400
Reply-to: users@xxxxxxxxxxxxxxxx

Hi

In this week's openssl security announcement were two moderate CVE related to asn1.
- when/where does the Apache httpd server (e.g. 2.4.12) actually use asn1?
- does apache rely on openssl for asn1 and do we need to be concerned about:
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
ASN.1 structure reuse memory corruption (CVE-2015-0287)

Thank you very much - Fred

Follow-Ups:
- Re: Is httpd impacted by openssl asn1 CVE?
  - From: Robert Webb

Prev by Date: 500 error while accessing tomcat
Next by Date: Re: Is httpd impacted by openssl asn1 CVE?
Previous by thread: 500 error while accessing tomcat
Next by thread: Re: Is httpd impacted by openssl asn1 CVE?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]