Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Slackware: 2005-310-04 Moderate: Apache Http Request Splitting

slackware
Calendar Grey November 6, 2005
Dist Slackware Esm H88
Revised nginx components for Ubuntu to mitigate vulnerabilities and strengthen system security.
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: * If a request contains both Transfer-Encoding and C...

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/apache-1.3.34-i486-1.tgz: Upgraded to apache-1.3.34. Fixes this minor security bug: "If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks." (* Security fix *) patches/packages/mod_ssl-2.8.25_1.3.34-i486-1.tgz: Upgraded to mod_ssl-2.8.25-1.3.34.

Topics%20covered

Topics Covered

security advisory apache security fix Slackware mod_ssl request splitting http attacks

Where Find New Packages

Updated packages for Slackware 8.1:
Updated packages for Slackware 9.0:
Updated packages for Slackware 9.1:
Updated packages for Slackware 10.0:
Updated packages for Slackware 10.1:
Updated packages for Slackware 10.2:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 packages: 5f49a812d8b9456af9e1843776aad2ea apache-1.3.34-i386-1.tgz 31916dd7d162b10d4e2b200471b90dc9 mod_ssl-2.8.25_1.3.34-i386-1.tgz
Slackware 9.0 packages: 6867b391a99abe9804695e384bb2fc9f apache-1.3.34-i386-1.tgz 60ef5ab93eff3438688c2aeaefc6b2b9 mod_ssl-2.8.25_1.3.34-i386-1.tgz
Slackware 9.1 packages: d63354a6b9a54739dcb14d1c6c2e45ef apache-1.3.34-i486-1.tgz 037056e0241a43d5615fc7358198f56e mod_ssl-2.8.25_1.3.34-i486-1.tgz
Slackware 10.0 packages: ddd47c73ff5ed1fef564ad76907dd8ad apache-1.3.34-i486-1.tgz b95bcd1a58011674a725f6cba271a1d1 mod_ssl-2.8.25_1.3.34-i486-1.tgz
Slackware 10.1 packages: bce588b7116d9f27b84bd831730e37e8 apache-1.3.34-i486-1.tgz dc375cdb6c5f4af75cefb4b1a593caf8 mod_ssl-2.8.25_1.3.34-i486-1.tgz
Slackware 10.2 packages: 2409be9e6daa5046a2f03fa127028903 apache-1.3.34-i486-1.tgz d771b65a5b384448f3899d4e4aa686b8 mod_ssl-2.8.25_1.3.34-i486-1.tgz
Slackware -current packages: 2409be9e6daa5046a2f03fa127028903 apache-1.3.34-i486-1.tgz d771b65a5b384448f3899d4e4aa686b8 mod_ssl-2.8.25_1.3.34-i486-1.tgz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory apache security fix Slackware mod_ssl request splitting http attacks

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: First, stop apache: # apachectl stop Then, upgrade the apache package: # upgradepkg apache-1.3.34-i486-1.tgz If you use mod_ssl, you'll also need to upgrade that package. The upgrade should save the important config files for mod_ssl, nevertheless it's a good idea to backup any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl: # upgradepkg mod_ssl-2.8.25_1.3.34-i486-1.tgz If necessary, restore any mod_ssl config files. Finally, restart apache: # apachectl start Or, if you use mod_ssl: # apachectl startssl

Related News

Your message here