Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability

Solution:
mod_ssl is enabled by default in Conectiva Linux Apache packages.

HP Secure OS Software for Linux ships with a customized version of mod_ssl. HP has made a patch available.

Oracle has released an advisory and patches to address this issue. User are advised to obtain patches from the Oracle metalink site listed in references.

Upgrades are available from other vendors:


Apache-SSL Apache-SSL 1.39

Apache-SSL Apache-SSL 1.40

Apache-SSL Apache-SSL 1.41

Apache-SSL Apache-SSL 1.42

Apache-SSL Apache-SSL 1.44

Apache-SSL Apache-SSL 1.45

Apache-SSL Apache-SSL 1.46

mod_ssl mod_ssl 2.4.10

mod_ssl mod_ssl 2.7.1

mod_ssl mod_ssl 2.8

mod_ssl mod_ssl 2.8.1

mod_ssl mod_ssl 2.8.2

mod_ssl mod_ssl 2.8.3

mod_ssl mod_ssl 2.8.4

mod_ssl mod_ssl 2.8.5

mod_ssl mod_ssl 2.8.5 -1

mod_ssl mod_ssl 2.8.6


 

Privacy Statement
Copyright 2010, SecurityFocus