-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  apache (SSA:2008-045-02)

New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, and 11.0 to fix security issues.

A new matching mod_ssl package is also provided.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847


Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.41-i486-1_slack11.0.tgz:
  Upgraded to apache-1.3.41, the last regular release of the
  Apache 1.3.x series, and a security bugfix-only release.
  For more information about the security issues fixed, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
  (* Security fix *)
patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz:
  Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.41-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.41-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.41-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.41-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.41-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.41-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz

Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apache-1.3.41-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz


MD5 signatures:
+-------------+

Slackware 8.1 packages:
6cc8d3c128d52a3d27ca37b7456ff1fe  apache-1.3.41-i386-1_slack8.1.tgz
9ae1dcb8bb7b9bc88fde88d16212e734  mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz

Slackware 9.0 packages:
c26a86befaa00c1111b49c22d9e85cd8  apache-1.3.41-i386-1_slack9.0.tgz
774d1613a29bba8b96c0b446d63ddc39  mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz

Slackware 9.1 packages:
5f80ea085bbca07a22b1110e7e292d8a  apache-1.3.41-i486-1_slack9.1.tgz
7f4979e63af16c53557700f4df7b86d1  mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz

Slackware 10.0 packages:
5147add3bc234f7615db078ce2a8cab1  apache-1.3.41-i486-1_slack10.0.tgz
329cc9a783d7dd7d31bdec5f4c8a4a23  mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz

Slackware 10.1 packages:
4ee6b38b92e8c8ccf6b31f7361d78b71  apache-1.3.41-i486-1_slack10.1.tgz
a3f9efb14872870944e641376adadbff  mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz

Slackware 10.2 packages:
4c797d094998917086c3b5930e5a5c02  apache-1.3.41-i486-1_slack10.2.tgz
283b72160550a9fc3edd628f4efa460f  mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz

Slackware 11.0 packages:
7698a1518b7d0d423c807e76e2714e87  apache-1.3.41-i486-1_slack11.0.tgz
3a18465e0e2bc2dfe1d1be2c94c38a90  mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

Then, upgrade the packages:

# upgradepkg apache-1.3.41-i486-1_slack11.0.tgz mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl


+-----+

Slackware: 2008-045-02: apache Security Update

February 15, 2008
New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues

Summary

Here are the details from the Slackware 11.0 ChangeLog: patches/packages/apache-1.3.41-i486-1_slack11.0.tgz: Upgraded to apache-1.3.41, the last regular release of the Apache 1.3.x series, and a security bugfix-only release. For more information about the security issues fixed, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 (* Security fix *) patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz: Upgraded to mod_ssl-2.8.31-1.3.41 to work with apache_1.3.41.

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.41-i386-1_slack8.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz
Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.41-i386-1_slack9.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.41-i486-1_slack9.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.41-i486-1_slack10.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz
Updated packages for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.41-i486-1_slack10.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz
Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.41-i486-1_slack10.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz
Updated packages for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apache-1.3.41-i486-1_slack11.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz

MD5 Signatures

Slackware 8.1 packages: 6cc8d3c128d52a3d27ca37b7456ff1fe apache-1.3.41-i386-1_slack8.1.tgz 9ae1dcb8bb7b9bc88fde88d16212e734 mod_ssl-2.8.31_1.3.41-i386-1_slack8.1.tgz
Slackware 9.0 packages: c26a86befaa00c1111b49c22d9e85cd8 apache-1.3.41-i386-1_slack9.0.tgz 774d1613a29bba8b96c0b446d63ddc39 mod_ssl-2.8.31_1.3.41-i386-1_slack9.0.tgz
Slackware 9.1 packages: 5f80ea085bbca07a22b1110e7e292d8a apache-1.3.41-i486-1_slack9.1.tgz 7f4979e63af16c53557700f4df7b86d1 mod_ssl-2.8.31_1.3.41-i486-1_slack9.1.tgz
Slackware 10.0 packages: 5147add3bc234f7615db078ce2a8cab1 apache-1.3.41-i486-1_slack10.0.tgz 329cc9a783d7dd7d31bdec5f4c8a4a23 mod_ssl-2.8.31_1.3.41-i486-1_slack10.0.tgz
Slackware 10.1 packages: 4ee6b38b92e8c8ccf6b31f7361d78b71 apache-1.3.41-i486-1_slack10.1.tgz a3f9efb14872870944e641376adadbff mod_ssl-2.8.31_1.3.41-i486-1_slack10.1.tgz
Slackware 10.2 packages: 4c797d094998917086c3b5930e5a5c02 apache-1.3.41-i486-1_slack10.2.tgz 283b72160550a9fc3edd628f4efa460f mod_ssl-2.8.31_1.3.41-i486-1_slack10.2.tgz
Slackware 11.0 packages: 7698a1518b7d0d423c807e76e2714e87 apache-1.3.41-i486-1_slack11.0.tgz 3a18465e0e2bc2dfe1d1be2c94c38a90 mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz

Severity
[slackware-security] apache (SSA:2008-045-02)
New apache 1.3.41 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues.
A new matching mod_ssl package is also provided.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847

Installation Instructions

Installation instructions: First, stop apache: # apachectl stop Then, upgrade the packages: # upgradepkg apache-1.3.41-i486-1_slack11.0.tgz mod_ssl-2.8.31_1.3.41-i486-1_slack11.0.tgz Finally, restart apache: # apachectl start Or, if you use mod_ssl: # apachectl startssl

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved