I didn't. Just wondering. Well, actually we've got some security people here that indicate a problem with the versionof mod_ssl we're running. They recommended upgrading mod_ssl, evidently, because of security problems with the mod_ssl that comes with our version of Apache - something about a mod_ssl containing a format string vulnerability in the ssl_log() function which 'may allow an attacker to potentially execute arbitrary code'. So... >>> jslive@xxxxxxxxx 3/24/2005 7:48:33 PM >>> On Thu, 24 Mar 2005 12:42:57 -0700, Charlie Smith <SmithCW@xxxxxxxxxxxxx> wrote: > Thanks Joshua. The instance I wanted to upgrade is actually httpd-2.0.48 Then you are better off just upgrading all of apache. Why do you think you need to upgrade mod_ssl independently? Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ------------------------------------------------------------------------------ This message may contain confidential information, and is intended only for the use of the individual(s) to whom it is addressed. ------------------------------------------------------------------------------ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|