The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: Apache 2.4.38 with updated OpenSSL 1.0.2r & 1.1.1b now availabe  (Read 832 times)

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 843
Apache 2.4.38 with updated OpenSSL 1.0.2r & 1.1.1b now availabe
« on: February 28, 2019, 11:18:45 PM »

OpenSSL updated to 1.0.2r or 1.1.1b

This update fixes a moderate severity padding oracle vulnerability (CVE-2019-1559) in OpenSSL 1.0.2-1.0.2q that could be used by a remote peer to decrypt data. It has caveats that required which it is why it is only rated as moderate? Stll, the possibility to decrypt the data is dangerous enough to want to plug that hole, no matter how remote.

For OpenSSL 1.1.1, this is simply a bug fix release. Squashing bugs is good no? If you have not read my post from yesterday you may be surprised to find Apache with OpenSSL 1.1.1 has moved to VC15, You can read about it at the link. Note that until I get the modules built in VC15, you can still use your vc14 modules. I wii start working on the tonight and should have them done by March 4 at the latest. You should be able to expect the same modules currently available to VC14 builds.

Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 582
Re: Apache 2.4.38 with updated OpenSSL 1.0.2r & 1.1.1b now availabe
« Reply #1 on: March 01, 2019, 08:54:50 AM »

You are our binary hero!  ;D
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13