Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Slackware: 2011-133-01 Critical: apr/apr-util DoS Threat Fix

slackware
Calendar Grey May 14, 2011
Dist Slackware Esm H88
Recent updates to the apr and apr-util packages address a denial-of-service vulnerability affecting several Slackware versions, bolstering overall system protection.
New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue

Summary

Here are the details from the Slackware 13.37 ChangeLog: patches/packages/apr-1.4.4-i486-1_slack13.37.txz: Upgraded. This fixes a possible denial of service due to an unconstrained, recursive invocation of apr_fnmatch(). This function has been reimplemented using a non-recursive algorithm. Thanks to William Rowe. For more information, see: https://www.cve.org/CVERecord?id=CVE-2011-0419 (* Security fix *) patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz: Upgraded.

Topics%20covered

Topics Covered

security advisory denial of service security update slackware software fix apr-util apr

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 11.0 package: 0b18b21f2709e592f2d829323c8db2bd apr-1.4.4-i486-1_slack11.0.tgz 6313ea5ec365a07c86eaaba2ae5a7696 apr-util-1.3.11-i486-1_slack11.0.tgz
Slackware 12.0 package: b9b2c76b963a9dcba68c54172dbfd2e8 apr-1.4.4-i486-1_slack12.0.tgz 015ad6f362a378efd18f12cb9ecc7c9d apr-util-1.3.11-i486-1_slack12.0.tgz
Slackware 12.1 package: 9e80da5d7f8f823a2ed9936b3cd0269b apr-1.4.4-i486-1_slack12.1.tgz 00ab57f63b1c30c7cf6cfcea365badb1 apr-util-1.3.11-i486-1_slack12.1.tgz
Slackware 12.2 package: aee097dbd39db150302d02f86d92609e apr-1.4.4-i486-1_slack12.2.tgz e61f61b8723bd06da8275e015ea03eac apr-util-1.3.11-i486-1_slack12.2.tgz
Slackware 13.0 package: 023e7e77f01816d92a707546d570ec79 apr-1.4.4-i486-1_slack13.0.txz e168ac8e42e201c7af87c3fd231ec95f apr-util-1.3.11-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 7343a01be2f8a38118c75aa5133a7958 apr-1.4.4-x86_64-1_slack13.0.txz 458a11c15ed52db5b510c7d1aea065d5 apr-util-1.3.11-x86_64-1_slack13.0.txz
Slackware 13.1 package: 39a284a31204f0572d9e732df2e51c92 apr-1.4.4-i486-1_slack13.1.txz fd264ef731d61afa627489dec1ed6d37 apr-util-1.3.11-i486-1_slack13.1.txz
Slackware 13.37 package: 2afbb475a8a0e4b5f48d42d2ba49a668 apr-1.4.4-i486-1_slack13.37.txz a0e0f77943e718f26c448f7da7590406 apr-util-1.3.11-i486-1_slack13.37.txz
Slackware x86_64 13.1 package: 232289470e6486f08f7b9ee3755c055e apr-1.4.4-x86_64-1_slack13.1.txz 777badbae85f141b55b370337967c55c apr-util-1.3.11-x86_64-1_slack13.1.txz
Slackware x86_64 13.37 package: 9a2d329a4cdabb9369e9ed7e78cdffcf apr-1.4.4-x86_64-1_slack13.37.txz 6ba07cc7e5cab3ac648d0012783fe455 apr-util-1.3.11-x86_64-1_slack13.37.txz
Slackware -current package: 4e010ab165a7504563f316db5b0e34ac apr-1.4.4-i486-1.txz 7c4c1d8febf9e51a95b627e6631ea2b2 apr-util-1.3.11-i486-1.txz
Slackware x86_64 -current package: 5707d225f07da633c67773f6cc6d3fd6 apr-1.4.4-x86_64-1.txz 31d3ce32a2e964ab3128804077cdccd0 apr-util-1.3.11-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service security update slackware software fix apr-util apr

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg apr-1.4.4-i486-1_slack13.37.txz apr-util-1.3.11-i486-1_slack13.37.txz

Related News

Your message here