New mod_spdy binary bugfix release (v0.9.4.2) - SECURITY FIX

818 views

Skip to first unread message

Matthew Steele

unread,

Apr 8, 2014, 6:37:28 PM4/8/14

to mod-spdy...@googlegroups.com, spdy...@googlegroups.com

We have just put out a new binary bugfix release of mod_spdy (v0.9.4.2). Binary packages for this release are available for download today from here:

https://developers.google.com/speed/spdy/mod_spdy/

If you've installed one of our previous binary releases (and did not disable auto-update), you should be able to easily upgrade using your package manager (apt or yum).

This update addresses the OpenSSL Heartbleed security bug (CVE-2014-0160) by upgrading the version of OpenSSL used by mod_spdy, and is *strongly recommended* for all mod_spdy users. All versions of mod_spdy prior to 0.9.4.2 are vulnerable and should be updated immediately. More information at these links:

http://heartbleed.com/

https://www.openssl.org/news/secadv_20140407.txt

https://code.google.com/p/mod-spdy/issues/detail?id=85

(Note that this is the first mod_spdy release in a while, and this most recent release might no longer run on Ubuntu 8.04 Hardy. (Hardy has been unsupported for several years now, and is no longer receiving security updates.) If you are running an old Ubuntu system (and cannot upgrade it) with mod_spdy 0.9.4.1 or older, and this new version of mod_spdy won't install for you, you should uninstall mod_spdy completely (not just disable the module) rather than continue to run the old, vulnerable version.)

Reply all

Reply to author

Forward

0 new messages