27 Jul
2005
27 Jul
'05
20:02
John wrote:
hello all
Hi John
I noticed that /usr/sbin/httpd2-prefork has new timestamp (22/jul) but the same size (in bytes) with the older one.
AFAIK the patch was just a small one, the vulnerability is a off-by-one error in mod_ssl. What exactly has changed can be found here: http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_k...
Can anyone explain to me what does this mean? How the patch has fit in that binary and the size remains the same?
If you want to be totally sure, if you have got the changed binary in your chroot environment calculate an md5 hash over the old and the new file, the md5sums should differ. Regards Reto