Slackware 10.0: 2004-305-01 Moderate: Apache Buffer Overflow Threat

slackware

November 1, 2004

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue

Summary

Here are the details from the Slackware 10.0 ChangeLog: patches/packages/apache-1.3.33-i486-1.tgz: Upgraded to apache-1.3.33. This fixes one new security issue (the first issue, CAN-2004-0492, was fixed in apache-1.3.33). The second bug fixed in 1.3.3 (CAN-2004-0940) allows a local user who can create SSI documents to become "nobody". The amount of mischief they could cause as nobody seems low at first glance, but it might allow them to use kill or killall as nobody to try to create a DoS. Mention PHP's mhash dependency in httpd.conf (thanks to Jakub Jankowski). (* Security fix *) patches/packages/mod_ssl-2.8.22_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.22_1.3.33.

Topics Covered

security advisory buffer overflow software update apache slackware local execution mod_ssl

Where Find New Packages

Updated packages for Slackware 8.1:
Updated packages for Slackware 9.0:
Updated packages for Slackware 9.1:
Updated packages for Slackware 10.0:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 packages: 53a9c132945eb4335aacfcb21d5996e0 apache-1.3.33-i386-1.tgz b0a95e205d3e88597aa9f1241ca7354f mod_ssl-2.8.22_1.3.33-i386-1.tgz
Slackware 9.0 packages: 429df7fa01205e5c12d3728f4987609f apache-1.3.33-i386-1.tgz af8345a9edf17dbd4e141b46d908990a mod_ssl-2.8.22_1.3.33-i386-1.tgz
Slackware 9.1 packages: adb43447a8abcb7a6100343585d762db apache-1.3.33-i486-1.tgz 00c1338c5c6db89960eb53ac4495ba41 mod_ssl-2.8.22_1.3.33-i486-1.tgz
Slackware 10.0 packages: 22db37b8d3e7a32b75a274520e11e272 apache-1.3.33-i486-1.tgz 1968e2361039e07f69658665dafcf56a mod_ssl-2.8.22_1.3.33-i486-1.tgz
Slackware -current packages: c450863cad0ed3771fea628d506b8caf apache-1.3.33-i486-1.tgz 44fdebabf6130cd2fc4e048f5d619683 mod_ssl-2.8.22_1.3.33-i486-1.tgz

Topics Covered

security advisory buffer overflow software update apache slackware local execution mod_ssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: First, stop apache: # apachectl stop Next, upgrade the Apache package as root: # upgradepkg apache-1.3.33-i486-1.tgz For mod_ssl users, IMPORTANT: Backup any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl: # upgradepkg mod_ssl-2.8.22_1.3.33-i486-1.tgz If necessary, restore any mod_ssl config files. Finally, restart apache: # apachectl start Or, if you're running a secure server with mod_ssl: # apachectl startssl

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 10.0: 2004-305-01 Moderate: Apache Buffer Overflow Threat

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 10.0: 2004-305-01 Moderate: Apache Buffer Overflow Threat

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!