Fedora 19: 2014-342-11 High Apache Security Flaw Exploit
slackware
August 6, 2013
New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues
Summary
Here are the details from the Slackware 14.0 ChangeLog: patches/packages/httpd-2.4.6-i486-1_slack14.0.txz: Upgraded. This update addresses two security issues: * SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. * SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed. For more information, see: https://www.cve.org/CVERecord?id=CVE-2013-1896 https://www.cve.org/CVERecord?id=CVE-2013-2249 (* Security fix *)
Topics Covered
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.25-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.25-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:
MD5 Signatures
Slackware 12.1 package:
49e1243c36da3a80140ca7759d2f6dd8 httpd-2.2.25-i486-1_slack12.1.tgz
Slackware 12.2 package:
467c75fe864bc88014e9501329a75285 httpd-2.2.25-i486-1_slack12.2.tgz
Slackware 13.0 package:
b96877782fd2f86204fdd3950b3a77bf httpd-2.2.25-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
392410fffbb3e4e4795e61a5b7d4fc50 httpd-2.2.25-x86_64-1_slack13.0.txz
Slackware 13.1 package:
71a682673a4dcca9be050a4719accbf7 httpd-2.2.25-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
a76f23ceb9189ecb99c04b3b2d3e2e2d httpd-2.2.25-x86_64-1_slack13.1.txz
Slackware 13.37 package:
704bccc4757c957a1ed30c4ffce19394 httpd-2.2.25-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
0cdea77935eeb983e368401856ec2e3c httpd-2.2.25-x86_64-1_slack13.37.txz
Slackware 14.0 package:
37736614680f786b4cc0a8faa095d885 httpd-2.4.6-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
d8901630ba6ecfd020a53512c5f63fc8 httpd-2.4.6-x86_64-1_slack14.0.txz
Slackware -current package:
649f30c4e51e6230fbe247664e0faa9c n/httpd-2.4.6-i486-1.txz
Slackware x86_64 -current package:
b3caf5504257c1172a2768ab114a9ee5 n/httpd-2.4.6-x86_64-1.txz
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.6-i486-1_slack14.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!