Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Slackware: 2019-022-01 Moderate: Httpd Security Fixes and Updates

slackware
Calendar Grey January 23, 2019
Dist Slackware Esm H88
Updated httpd packages available for Slackware to fix various security flaws and vulnerabilities discovered in the application.
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.38-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. mod_session: mod_session_cookie does not respect expiry time allowing sessions to be reused. [Hank Ibell] mod_http2: fixes a DoS attack vector. By sending slow request bodies to resources not consuming them, httpd cleanup code occupies a server thread unnecessarily. This was changed to an immediate stream reset which discards all stream state and incoming data. [Stefan Eissing] mod_ssl: Fix infinite loop triggered by a client-initiated renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and later. PR 63052. [Joe Orton] For more information, see: https://www.cve.org/CVERecord?id=CVE-2018-17199 https://www.cve.org/CVERecord?id=CVE-2018-17189 https://www.cve.org/CVERecord?id=CVE-2019-0190 (* Security fix *)

Topics%20covered

Topics Covered

security advisory httpd slackware session management dos

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 0adec00319bf7b7cdc6fed26e4309233 httpd-2.4.38-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4f1cf21ed7894aa45705fb0ece40d48f httpd-2.4.38-x86_64-1_slack14.0.txz
Slackware 14.1 package: eb5d175119448650625b3cb4815f0dbc httpd-2.4.38-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: d48c93611cc57a80f3cb8b719feda7a4 httpd-2.4.38-x86_64-1_slack14.1.txz
Slackware 14.2 package: e0c60fa30ab8676f935e6a5aed719c59 httpd-2.4.38-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: c4efb726bf6fab65ed2340ac1e6c9731 httpd-2.4.38-x86_64-1_slack14.2.txz
Slackware -current package: 28055e1d52dd60e0d53681ac85b9d093 n/httpd-2.4.38-i586-1.txz
Slackware x86_64 -current package: 5d0f9e0ca0bb8add0ec6b4938497e465 n/httpd-2.4.38-x86_64-1.txz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory httpd slackware session management dos

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.38-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Related News

Your message here