Apache/mod_ssl vulnerability and mitigation
The following announcement has just been made to the announce mailing list: Apache httpd is affected by CVE-2009-3555[1] (The SSL Injection or MiM attack[2]). The Apache httpd webserver relies on OpenSSL for the implementation of the SSL/TLS protocol. We strongly urge you to upgrade to OpenSSL 0.9.8l; and to be prepared to deploy OpenSSL 0.9.8m [...]
Apache HTTP Server 2.2.13
An updated version of the Apache 2.2 web server has been released. It is primarily a security and bug fix release. It also bundles version 1.3.8 of the APR Library version 1.3.9 of the APR Utility Library, which addresses a security concern that may be triggered by some 3rd party modules. All users are encouraged [...]
