English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 150599 CVE descriptions
and 73533 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Apache httpd redux (SSA:2006-130-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a bug with Apache 1.3.35 and glibc that
breaks wildcards in Include directives.  It may not occur with all
versions of glibc, but it has been verified on -current (using an Include
within a file already Included causes a crash), so better to patch it
and reissue these packages just to be sure.  My apologies if the last
batch of updates caused anyone undue grief...  they worked here with my
(too simple?) config files.

Note that if you use mod_ssl, you'll also require the mod_ssl package
that was part of yesterday's release, and on -current you'll need the
newest PHP package (if you use PHP).

Thanks to Francesco Gringoli for bringing this issue to my attention.


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.35-i486-2_slack10.2.tgz:
  Patched to fix totally broken Include behavior.
  Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.35-i386-2_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.35-i386-2_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.35-i486-2_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.35-i486-2_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.35-i486-2_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.35-i486-2_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.35-i486-2.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
3affa50debe634e148d8cfed98733a47  apache-1.3.35-i386-2_slack8.1.tgz

Slackware 9.0 package:
d3d5c446c6b16c84d17a43c0e836071c  apache-1.3.35-i386-2_slack9.0.tgz

Slackware 9.1 package:
daa91eb34cd487f7621301f95ac931ce  apache-1.3.35-i486-2_slack9.1.tgz

Slackware 10.0 package:
d4031f1dc80659091c9b83a9bfed2a9e  apache-1.3.35-i486-2_slack10.0.tgz

Slackware 10.1 package:
a1239458270ae312f4d7f510cbd9785b  apache-1.3.35-i486-2_slack10.1.tgz

Slackware 10.2 package:
78130e24c739ea5c3569a0ab6647a7df  apache-1.3.35-i486-2_slack10.2.tgz

Slackware -current packages:
4b961ce755054c1820988ff0192922ad  apache-1.3.35-i486-2.tgz


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

Then, upgrade the apache package:

# upgradepkg apache-1.3.35-i486-2_slack10.2.tgz

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFEYlgpakRjwEAQIjMRAhLkAJ0fv6adt0ax/DkSlP7DdCcEv6evggCbBkzy
qHwX74fYu+DZAnYynIkEaCw=
=b1F1
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.