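This was posted in the news section of 적수네, and a patch is already available at mod_ssl ( http://www.modssl.org ).
If you run a site using apache-ssl or mod_ssl, please patch right away.
P.S. I recompiled the server yesterday, and then again today -_-;; When will a world without patches ever come... Still, a quick patch is better than having a security problem or being sloppy ;-)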
Original: http://www.apache-ssl.org/advisory-20020301.txt
#########################################################
Apache-SSL buffer overflow condition (all versions prior to 1.3.22+1.46)
---------------------------------------------------------

Synopsis
--------

A buffer overflow was recently found in mod_ssl, see: http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html for details. The offending code in mod_ssl was, in fact, derived from Apache-SSL, and Apache-SSL is also vulnerable.

As in mod_ssl, this flaw can only be exploited if client certificates are being used, and the certificate in question must be issued by a trusted CA.

Fix
---

Download Apache-SSL 1.3.22+1.46 from the usual places (see http://www.apache-ssl.org/).

Acknowledgements
----------------

Thanks to Ed Moyle for finding the flaw.

Rant
----

No thanks to anyone at all for alerting me before going public. Cheers, guys.
