See the bugtraq advisory "mod_ssl Buffer Overflow Condition (Update Available)".
mod_ssl releases prior to 2.8.7-1.3.23 use openssl in an overflowable fashion.
rev'ing these will also require rev of apache
Any idea when to expect errata on this? Has anyone confirmed that it is
errata just released with a backported fix.... I'm closing this.