The report that I got specifically refers to mod_ssl. It says that "mod_ssl older than 2.87" has a buffer overflow problem; does this sound like something that applies to Apache 1.x? I have OpenSSL 0.9.7, so I would hope that's not what they're complaining about.

Thanks!

On 4/13/07 2:13 PM, "William A. Rowe, Jr." <wrowe@xxxxxxxxxxxxx> wrote:

> Mike VanHorn wrote:
>>
>> I have Apache 2.2.2, and the version given for mod_ssl is 2.2.2.
>>
>> We were recently audited and the audit report notes that our version of
>> mod_ssl is old.
>
> 2.2.4 is current.
>
> Are you certain that is what they identified? It might also be that the
> version of OpenSSL was identified as too old, either 0.9.7 or 0.9.8 is fine
> - it's the specific release of whichever of those two packages you want
> to look at.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

---
Mike VanHorn
Senior Computer Systems Administrator
College of Engineering and Computer Science
Wright State University
265 Russ Engineering Center
937-775-5157
michael.vanhorn@xxxxxxxxxx
http://www.cs.wright.edu/~mvanhorn/