
Slackware: 2009-214-01 Critical: Httpd Denial-Of-Service

August 2, 2009
Updated HTTPD versions for Slackware 12.x are now available to address significant security vulnerabilities and enhance server performance.
New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues.

Summary

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz: Upgraded.
  This update fixes some security issues (from the CHANGES file):
  *) SECURITY: CVE-2009-1891
     Fix a potential Denial-of-Service attack against mod_deflate or other
     modules, by forcing the server to consume CPU time in compressing a
     large file after a client disconnects. PR 39605.
     [Joe Orton, Ruediger Pluem]
  *) SECURITY: CVE-2009-1195
     Prevent the "Includes" Option from being enabled in an .htaccess
     file if the AllowOverride restrictions do not permit it.
     [Jonathan Peatfield, Joe Orton, Ruediger Pluem, Jeff Trawick]
  *) SECURITY: CVE-2009-1890
     Fix a potential Denial-of-Service attack against mod_proxy in a
     reverse proxy configuration, where a remote attacker can force a
     proxy process to consume CPU time indefinitely. [Nick Kew, Joe


Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware -current:
Updated package for Slackware64 -current:

MD5 Signatures

Slackware 12.0 package: 1ef7c8d65f8d7398abfcde3dd46aed7f httpd-2.2.12-i486-1_slack12.0.tgz
Slackware 12.1 package: 349f4437fb4c2573a134c3485dda0265 httpd-2.2.12-i486-1_slack12.1.tgz
Slackware 12.2 package: 253406ed8801276a635008d7749db55f httpd-2.2.12-i486-1_slack12.2.tgz
Slackware -current package: 4a2ffd0ef9184fed93f651b83f6eaf6a httpd-2.2.12-i486-1.txz
Slackware64 -current package: 560b607f09a934a46fc3112a2659b06b httpd-2.2.12-x86_64-1.txz

Severity
critical


Installation Instructions

Upgrade the package as root:

# upgradepkg httpd-2.2.12-i486-1_slack12.2.tgz

Then, restart the httpd server.
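A check that ties the MD5 Signatures list to the upgrade step, added here as an example and not part of the original advisory: it refuses to call upgradepkg unless the downloaded file is one of the listed packages and its checksum matches. The function names are illustrative, and md5sum from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the advisory. Checksums are copied from the
# "MD5 Signatures" section above. MD5 catches a truncated or wrong
# download; it is not collision-resistant.
ADVISORY_SUMS='1ef7c8d65f8d7398abfcde3dd46aed7f  httpd-2.2.12-i486-1_slack12.0.tgz
349f4437fb4c2573a134c3485dda0265  httpd-2.2.12-i486-1_slack12.1.tgz
253406ed8801276a635008d7749db55f  httpd-2.2.12-i486-1_slack12.2.tgz
4a2ffd0ef9184fed93f651b83f6eaf6a  httpd-2.2.12-i486-1.txz
560b607f09a934a46fc3112a2659b06b  httpd-2.2.12-x86_64-1.txz'

# expected_md5 NAME: print the advisory checksum for NAME; fail if unlisted.
expected_md5() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v n="$1" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# verify_pkg PATH: return 0 only if PATH exists, its file name is listed in
# the advisory, and its MD5 matches. Returns 2 (missing), 3 (unlisted) or
# 1 (mismatch) otherwise.
verify_pkg() {
    pkg=$1
    [ -f "$pkg" ] || { echo "missing file: $pkg" >&2; return 2; }
    want=$(expected_md5 "$(basename "$pkg")") ||
        { echo "not listed in advisory: $pkg" >&2; return 3; }
    have=$(md5sum < "$pkg" | awk '{ print $1 }')
    if [ "$have" != "$want" ]; then
        echo "MD5 mismatch for $pkg: expected $want, got $have" >&2
        return 1
    fi
    echo "OK: $pkg"
}

# verified_upgrade PATH: run upgradepkg (as root) only after the check passes.
verified_upgrade() {
    verify_pkg "$1" && upgradepkg "$1"
}
```

After sourcing the file as root, run `verified_upgrade httpd-2.2.12-i486-1_slack12.2.tgz` in place of the bare upgradepkg call, then restart httpd.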
