Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Slackware 13.37: 2011-145-01 Critical Security Update for APR

slackware
Calendar Grey May 25, 2011
Dist Slackware Esm H88
Recent updates for the apr and apr-util packages have been released to address a critical security vulnerability and a stability issue. Find further instructions below for the upgrade process.
New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue in apr and a crash bug in apr-util

Summary

Here are the details from the Slackware 13.37 ChangeLog: patches/packages/apr-1.4.5-i486-1_slack13.37.txz: Upgraded. This fixes a possible denial of service due to a problem with a loop in the new apr_fnmatch() implementation consuming CPU. For more information, see: https://www.cve.org/CVERecord?id=CVE-2011-1928 (* Security fix *) patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz: Upgraded. Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().

Topics%20covered

Topics Covered

security advisory denial of service critical security fix Slackware APR

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.5-i486-1_slack11.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz
Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.5-i486-1_slack12.0.tgz
Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.5-i486-1_slack12.1.tgz
...

Read the Full Advisory

MD5 Signatures

Slackware 11.0 package: 9a057c739c57c2cf6b28137ec184c1d7 apr-1.4.5-i486-1_slack11.0.tgz 28e6fc4ad6154d5b36fef9bcf2ae3b0d apr-util-1.3.12-i486-1_slack11.0.tgz
Slackware 12.0 package: ea91c341418d0b6053b72c71ce93467b apr-1.4.5-i486-1_slack12.0.tgz 7ec023aacd371fd64e54756907122cbe apr-util-1.3.12-i486-1_slack12.0.tgz
Slackware 12.1 package: 49be6cd89d47c84379ea30e6249e9d49 apr-1.4.5-i486-1_slack12.1.tgz 10f67a95896a8c84a167302fad5fcdfa apr-util-1.3.12-i486-1_slack12.1.tgz
Slackware 12.2 package: 187f96a16be96fa071657a3c94a1407c apr-1.4.5-i486-1_slack12.2.tgz 77a035ee720d915755ba309b1afcc75d apr-util-1.3.12-i486-1_slack12.2.tgz
Slackware 13.0 package: 48c4b2d5cd4304beaffb0b906267fb3e apr-1.4.5-i486-1_slack13.0.txz 37d6ee4d6d754daf5ef4b4aeea7a8de1 apr-util-1.3.12-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 24fd22fe3bf0470b5e0e6ad6d0de6821 apr-1.4.5-x86_64-1_slack13.0.txz 1b5ef4984af5c1c521a9bbf7f20fd3c7 apr-util-1.3.12-x86_64-1_slack13.0.txz
Slackware 13.1 package: f19ef60074da3f0ab6bcd322b2bbaf73 apr-1.4.5-i486-1_slack13.1.txz 133980a1c64e0df52281c787cdd6ede0 apr-util-1.3.12-i486-1_slack13.1.txz
Slackware 13.37 package: cc7dcb9cc1134038b419159424b37439 apr-1.4.5-i486-1_slack13.37.txz 573192de48352460635ee2c450548519 apr-util-1.3.12-i486-1_slack13.37.txz
Slackware x86_64 13.1 package: e70b9855fad1766253e4450f6116c016 apr-1.4.5-x86_64-1_slack13.1.txz 56181dc8e34bfe60eafde44a0110e577 apr-util-1.3.12-x86_64-1_slack13.1.txz
Slackware x86_64 13.37 package: a7f1de61bfe9b3cc20e6450cb502cbf5 apr-1.4.5-x86_64-1_slack13.37.txz 3bb4543e87ed8b7be0d52f67343f061a apr-util-1.3.12-x86_64-1_slack13.37.txz
Slackware -current package: fbf028ab5a37872fb97bde61516082df apr-1.4.5-i486-1.txz 56d207c602e63937544d0cf9ce767826 apr-util-1.3.12-i486-1.txz
Slackware x86_64 -current package: d5e5b70a662a4f8da87bd6bdefd655c4 apr-1.4.5-x86_64-1.txz eba8994761fb58e291b0a9d813c078e3 apr-util-1.3.12-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory denial of service critical security fix Slackware APR

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg apr-1.4.5-i486-1_slack13.37.txz apr-util-1.3.12-i486-1_slack13.37.txz

Related News

Your message here