
Slackware alert SSA:2006-209-01 (apache)

From:  Slackware Security Team <security@slackware.com>
To:  slackware-security@slackware.com
Subject:  [slackware-security] Apache httpd (SSA:2006-209-01)
Date:  Fri, 28 Jul 2006 17:21:45 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Apache httpd (SSA:2006-209-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a security issue with mod_rewrite.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747

In addition, new mod_ssl packages for Apache 1.3.37 are available for
all of these versions of Slackware. This additional package does not
fix a security issue, but may be required on your system depending on
your Apache setup.


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.37-i486-1_slack10.2.tgz:
  Upgraded to apache-1.3.37.
  From the announcement on httpd.apache.org:
    This version of Apache is security fix release only. An off-by-one flaw
    exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3
    since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
  The Slackware Security Team feels that the vast majority of installations
  will not be configured in a vulnerable way but still suggests upgrading to
  the new apache and mod_ssl packages for maximum security.
  For more details, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
  And see Apache's announcement here:
    http://www.apache.org/dist/httpd/Announcement1.3.html
  (* Security fix *)
patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz:
  Upgraded to mod_ssl-2.8.28-1.3.37.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch...
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patch...

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch...
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patch...

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch...
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch...

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc...
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc...

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc...
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patc...

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc...
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc...

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/s...
ftp://ftp.slackware.com/pub/slackware/slackware-current/s...


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

Then, upgrade the apache package:

# upgradepkg apache-1.3.37-i486-1_slack10.2.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFEypX4akRjwEAQIjMRAsGoAKCKEIXGmmj8mVMXaH34Dn5lTqvqtQCcCJx5
jk39xxMkaGiJ/nmima9WMMs=
=GZk2
-----END PGP SIGNATURE-----
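
A triage helper for the version ranges the advisory quotes, added here as an example and not part of the Slackware message. The function names, sample banners and the `check-upstream` label are assumptions; the page names a fixed release only for the 1.3 branch, so 2.0 and 2.2 versions inside the affected range are flagged rather than classified.

```shell
#!/bin/sh
# Added example: triage against the version ranges quoted in SSA:2006-209-01.
# Function names and sample inputs are constructed for illustration.

# ver_ge A B: succeed when dotted version A (x.y.z) is >= B.
ver_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both versions into six numeric fields
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# classify_httpd STRING: STRING is a banner such as the output of `httpd -v`.
classify_httpd() {
    v=$(printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p')
    case $v in
        1.3.*) first=1.3.28; fixed=1.3.37 ;;  # fix release named in the advisory
        2.0.*) first=2.0.46; fixed= ;;        # fixed release not given on the page
        2.2.*) first=2.2.0;  fixed= ;;
        *) echo unknown; return 0 ;;
    esac
    if ! ver_ge "$v" "$first"; then echo not-affected
    elif [ -z "$fixed" ]; then echo check-upstream
    elif ver_ge "$v" "$fixed"; then echo fixed
    else echo affected
    fi
}

# rewrite_enabled FILE: succeed when FILE has an uncommented "RewriteEngine on".
# Only the named file is read; included files and .htaccess need their own pass.
rewrite_enabled() {
    grep -Eiq '^[[:space:]]*RewriteEngine[[:space:]]+on([[:space:]]|$)' "$1"
}

# Constructed sample banners.
for banner in "Server version: Apache/1.3.27 (Unix)" \
              "Server version: Apache/1.3.34 (Unix)" \
              "Server version: Apache/1.3.37 (Unix)" \
              "Server version: Apache/2.0.55"; do
    printf '%-40s %s\n' "$banner" "$(classify_httpd "$banner")"
done
```

On a host, `classify_httpd "$(httpd -v)"` classifies the installed binary, and `rewrite_enabled` on the main configuration file shows whether mod_rewrite is switched on there at all.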



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds