A NOTE has been added to this issue. ====================================================================== https://www.opencsw.org/mantis/view.php?id=5174 ====================================================================== Reported By: briandking Assigned To: dam ====================================================================== Project: apache2 Issue ID: 5174 Category: upgrade Reproducibility: have not tried Severity: minor Priority: normal Status: feedback ====================================================================== Date Submitted: 2014-05-26 15:17 CEST Last Modified: 2016-09-26 17:15 CEST ====================================================================== Summary: Update mod_ssl to be based on openssl 1.0.1g for heartbleed bug Description: Mod_ssl packaged with the current CSWapache2 appears to be based on a version of openssl that was vulnerable to the heartbleed bug:
bash-3.2# strings /opt/csw/apache2/libexec/mod_ssl.so | grep -i openssl ... OpenSSL 1.0.1f 6 Jan 2014 A newer version of the apache 2.2 line is released as well, which contains a couple of security fixed. CSWapache2 is currently at 2.2.26 and the current apache release is 2.2.27: http://www.apache.org/dist/httpd/Announcement2.2.html ====================================================================== ---------------------------------------------------------------------- (0011192) briandking (reporter) - 2016-09-26 17:15 https://www.opencsw.org/mantis/view.php?id=5174#c11192 ---------------------------------------------------------------------- This issue can be closed