Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||
Slackware alert SSA:2006-129-01 (apache)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Apache httpd (SSA:2006-129-01) New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 In addition, new mod_ssl packages for Apache 1.3.35 are available for all of these versions of Slackware, and new versions of PHP are available for Slackware -current. These additional packages do not fix security issues, but may be required on your system depending on your Apache setup. One more note about this round of updates: the packages have been given build versions that indicate which version of Slackware they are meant to patch, such as -1_slack8.1, or -1_slack9.0, etc. This should help to avoid some of the issues with automatic upgrade tools by providing a unique package name when the same fix is deployed across multiple Slackware versions. Only patches applied to -current will have the simple build number, such as -1. Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/apache-1.3.35-i486-1_slack10.2.tgz: Upgraded to apache-1.3.35. From the official announcement: Of particular note is that 1.3.35 addresses and fixes 1 potential security issue: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 (* Security fix *) patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz: Upgraded to mod_ssl-2.8.26-1.3.35. This is an updated version designed for Apache 1.3.35. +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch... ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch... Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch... ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch... Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc... Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc... Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... MD5 signatures: +-------------+ Slackware 8.1 packages: 208bbe94a46f8d05e15f1ccdb38f9a91 apache-1.3.35-i386-1_slack8.1.tgz 9172a6d347df033d024a7ba786c47bfe mod_ssl-2.8.26_1.3.35-i386-1_slack8.1.tgz Slackware 9.0 packages: 0482ca192a7b94c254421c717634e628 apache-1.3.35-i386-1_slack9.0.tgz 913763c2e12d6d2a101ce4a539f060f3 mod_ssl-2.8.26_1.3.35-i386-1_slack9.0.tgz Slackware 9.1 packages: d96044932ab33623425c328862a3750f apache-1.3.35-i486-1_slack9.1.tgz ae58ab559c60a475330514dca689d735 mod_ssl-2.8.26_1.3.35-i486-1_slack9.1.tgz Slackware 10.0 packages: 2beb7c88f4f28adbe61e13d79889a27e apache-1.3.35-i486-1_slack10.0.tgz 403f1297bcc9cff0df3f9afcb16d69b6 mod_ssl-2.8.26_1.3.35-i486-1_slack10.0.tgz Slackware 10.1 packages: 4a0b68ddf002a300e536e584c3eb2923 apache-1.3.35-i486-1_slack10.1.tgz f24d6776f221cc61f2b0b98cd1fc1ae9 mod_ssl-2.8.26_1.3.35-i486-1_slack10.1.tgz Slackware 10.2 packages: bbaed7e942e5f1c7380b3def44d54d74 apache-1.3.35-i486-1_slack10.2.tgz e70a300f5c4333ae1d31e8d852b89dc3 mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz Slackware -current packages: b662f564f048ace17eaafc7e50bed7b2 apache-1.3.35-i486-1.tgz c7d403fc891e210d1f1a71c559939cd5 mod_ssl-2.8.26_1.3.35-i486-1.tgz fb78ce30aece8d8718ed722be319dd2b php-4.4.2-i486-4.tgz Installation instructions: +------------------------+ First, stop apache: # apachectl stop Then, upgrade the apache package: # upgradepkg apache-1.3.35-i486-1_slack10.2.tgz If you use mod_ssl, you'll also need to upgrade that package. The upgrade should save the important config files for mod_ssl, nevertheless it's a good idea to backup any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl: # upgradepkg mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz If necessary, restore any mod_ssl config files. If you are using PHP on Slackware -current, upgrade the PHP package. Finally, restart apache: # apachectl start Or, if you use mod_ssl: # apachectl startssl +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFEYQqqakRjwEAQIjMRApaqAJ9sPY3cIrYMIw3nDeMMUbys2uJwIQCfS6dN 1FRu06PhavAi7XyCLfpA4kw= =3hdX -----END PGP SIGNATURE----- (Log in to post comments)
|
|||||||||||||