
Slackware 10.2: 2006-129-01 Critical Apache Cross-Site Scripting

slackware
May 9, 2006
For the latest Apache security updates for Slackware distributions, check the official Slackware security advisory page. Stay updated on vulnerabilities and enhancements for your system.
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

Summary

Here are the details from the Slackware 10.2 ChangeLog:

patches/packages/apache-1.3.35-i486-1_slack10.2.tgz:
  Upgraded to apache-1.3.35.
  From the official announcement:
    Of particular note is that 1.3.35 addresses and fixes 1 potential security issue:
      CVE-2005-3352 (cve.mitre.org)
      mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2005-3352
  (* Security fix *)

patches/packages/mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz:
  Upgraded to mod_ssl-2.8.26-1.3.35.
  This is an updated version designed for Apache 1.3.35.
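The changelog's point about escaping quotes, shown as an added example (not Apache's code and not part of the original advisory): a simplified escaper demonstrating why a header value written inside a quoted HTML attribute needs `"` encoded as well as `<`, `>` and `&`. The function names and the sample Referer value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Apache's ap_escape_html: returns a malloc'd copy of s with
 * HTML metacharacters encoded. escape_quotes = 0 models an escaper that skips '"'. */
char *escape_html(const char *s, int escape_quotes)
{
    char *out = malloc(6 * strlen(s) + 1);  /* worst case: every byte becomes &quot; */
    char *p = out;
    if (out == NULL)
        return NULL;
    for (; *s; s++) {
        const char *ent = NULL;
        switch (*s) {
        case '<': ent = "&lt;";  break;
        case '>': ent = "&gt;";  break;
        case '&': ent = "&amp;"; break;
        case '"': if (escape_quotes) ent = "&quot;"; break;
        }
        if (ent != NULL) {
            strcpy(p, ent);
            p += strlen(ent);
        } else {
            *p++ = *s;
        }
    }
    *p = '\0';
    return out;
}

/* Counts raw '"' characters left in s; each one could end an attribute value early. */
int raw_quotes(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '"') n++;
    return n;
}

int main(void)
{
    const char *referer = "http://example.test/a\"b<c>&d";  /* constructed sample value */
    char *before = escape_html(referer, 0), *after = escape_html(referer, 1);
    if (!before || !after) return 1;
    /* First line: the raw quote closes href early. Second line: the value stays inside it. */
    printf("<a href=\"%s\">back</a>\n<a href=\"%s\">back</a>\n", before, after);
    free(before); free(after);
    return 0;
}
```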

Where to Find New Packages

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware -current:

MD5 Signatures


Severity
critical


Installation Instructions

First, stop apache:

    # apachectl stop

Then, upgrade the apache package:

    # upgradepkg apache-1.3.35-i486-1_slack10.2.tgz

If you use mod_ssl, you'll also need to upgrade that package. The upgrade should save the important config files for mod_ssl; nevertheless, it's a good idea to back up any keys/certificates you wish to save for mod_ssl (in /etc/apache/ssl.*), then upgrade mod_ssl:

    # upgradepkg mod_ssl-2.8.26_1.3.35-i486-1_slack10.2.tgz

If necessary, restore any mod_ssl config files.

If you are using PHP on Slackware -current, upgrade the PHP package.

Finally, restart apache:

    # apachectl start

Or, if you use mod_ssl:

    # apachectl startssl
