| View previous topic :: View next topic |
| Author |
Message |
nicklowe
Joined: 15 Apr 2007
Posts: 5
|
 Posted: Tue 16 Nov '10 22:53 Post subject: OpenSSL 0.98p and OpenSSL 1.00b |
 |
|
http://www.openssl.org/source/
The version shipping with Apache Lounge's build is vulnerable to a nasty security flaw. Isn't apparently exploitable via Apache. But an update is probably advised:
http://openssl.org/news/secadv_20101116.txt
(Is there any reason why the 0.98 branch is shipped rather than 1.00?)
Cheers,
Nick |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 1856
Location: Hilversum, NL, EU
|
| Posted: Tue 16 Nov '10 23:26 Post subject: |
|
|
Thanks for letting us know.
Indeed, Apache server is not effected. When I look to the other changes, I see no reason to upgrade now.
We follow the policy of the ASF, so we ship our distro also with 0.98.
Steffen |
|
| Back to top |
|
nicklowe
Joined: 15 Apr 2007
Posts: 5
|
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 1856
Location: Hilversum, NL, EU
|
| Posted: Wed 17 Nov '10 20:43 Post subject: |
|
|
ASF ships the Win32 Binary with OpenSSL 0.9.8o (MSI Installer), that we follow in principle.
Steffen |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 1856
Location: Hilversum, NL, EU
|
| Posted: Tue 30 Nov '10 22:57 Post subject: |
|
|
OpenSSL 1.0.0b now available at the download page.
Steffen |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 4299
Location: Germany, Next to Hamburg
|
| Posted: Fri 03 Dec '10 15:46 Post subject: |
|
|
| Would be nice to have that update for 1.0.0c |
|
| Back to top |
|
on 
