httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: [users@httpd] Proposed simple shell-shock protection
Date Mon, 29 Sep 2014 17:58:52 GMT

On 29 Sep 2014, at 17:35, Sharon Zastre wrote:

> Thank you Nick for quickly looking into a solution/work around for the shellshock vulnerability.
 But I'm confused as to how to implement it.  I am currently at Apache 2.4.9 with OpenSSL
1.0.1g.  Do I need to upgrade to 2.4.10 or 2.5(?) first?  Will it simply be in the install
and I include mod_taint in the config file?  Or is this a separate download that I need to

No, you don't need to upgrade anything.  Just build the module.
with your existing 2.2.x or 2.4.x.  Maybe even 2.0.x: I haven't tried!
If you don't know how, the tool you need is apxs, and the server
docs explain how to use it.

You should also be aware that if you're not accustomed to getting
your hands dirty, you might find it too 'bleeding edge'.   I just had a
bug report a few hours ago and have yet to find time to investigate.

Nick Kew
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message