| Description: | Summary:
The remote host is missing an update for the 'httpd' package(s) announced via the SSA:2015-111-03 advisory.
Vulnerability Insight:
New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
* CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer
over-read, with response headers' size above 8K.
* CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an
empty value. PR 56924.
* CVE-2014-8109 mod_lua: Fix handling of the Require line when a
LuaAuthzProvider is used in multiple Require directives with
different arguments. PR57204.
* CVE-2013-5704 core: HTTP trailers could be used to replace HTTP
headers late during request processing, potentially undoing or
otherwise confusing modules that examined or modified request
headers earlier. Adds 'MergeTrailers' directive to restore legacy
behavior.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+
Affected Software/OS:
'httpd' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware current.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
