FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
Jacques A. Vidrine
nectar at FreeBSD.org
Sat Oct 4 09:00:12 PDT 2003
On Sat, Oct 04, 2003 at 03:22:42PM +0000, Bjoern A. Zeeb wrote:
> Another question: can someone please confirm that mod_ssl.so from
> apache 2.0.47 port is _not_ affected ?
It _is_ affected, because it uses the affected portions of OpenSSL.
> I have rebuilt libssl, libcrypto and installed them (they all differ
> from the old libs after make install) and done a rebuild of
> mod_ssl. But the new mod_ssl.so doesn't differ from the one
> built late August:
>
> [ports]apache2/work/httpd-2.0.47/modules/ssl/.libs> md5 mod_ssl.so
> MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457
>
> /usr/local/libexec/apache2> md5 mod_ssl.so
> MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457
>
> Also diff does not say that the binary files would differ.
mod_ssl.so uses dynamic linking. It would not require a rebuild nor
would the compiler output necessarily change after a rebuild.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list