We have just put out a new binary bugfix release of mod_spdy (v0.9.4.3). Binary packages for this release are available for download today from here:
If you've installed one of our previous binary releases (and did not disable auto-update), you should be able to easily upgrade using your package manager (apt or yum).
This update addresses the OpenSSL MITM CCS injection vulnerability (CVE-2014-0224) by upgrading the version of OpenSSL used by mod_spdy, and is *strongly recommended* for all mod_spdy users. All versions of mod_spdy prior to 0.9.4.3 are vulnerable and should be updated immediately. More information at these links:
http://ccsinjection.lepidum.co.jp/