this new release has AFAIK nothing to do with the openssl-vulns. It is a release for the today released apache-1.3.27 which fixes 3 vulns in the apache itself.
If you want to fix the vulns in SSL you have to upgrade or patch your openssl-package. Andreas ---- e-admin internet gmbh andreas gietl ludwig-thoma-strasse 35 93051 Regensburg -----Urspr�ngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von Jeff Bert Gesendet: Freitag, 4. Oktober 2002 18:56 An: [EMAIL PROTECTED] Betreff: Re: [ANNOUNCE] mod_ssl 2.8.11-1.3.27 Thanks Ralf for keeping up on this. I run apache/mod_ssl server as a hobby for friends' websites and have been actually having quite a number of people trying the ssl hack on my server. Jeff > As you've hopefully recognized, the ASF released Apache 1.3.27, which > includes important security fixes. The corresponding mod_ssl 2.8.11 for > this version is now available, too. > > Fetch it from: > > http://www.modssl.org/source/ > ftp://ftp.modssl.org/source/ > Ralf S. Engelschall > [EMAIL PROTECTED] > www.engelschall.com > > Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002) > > *) Upgraded to Apache 1.3.27. > > *) Fixed internal error handling for CRL verification. > > *) Initialize OpenSSL ENGINE before initializing OpenSSL > to workaround problems with the PRNG. > > *) Also find "openssl" executable in "sbin" directories. > > *) Honor specified number of maximum bytes on SSLRandomSeed > if reading from EGD. > > *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables. > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
