Slackware: 2020-124-03 Important: HTTPD Buffer Overflow Vulnerability

slackware

April 6, 2019

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.39-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process by manipulating the scoreboard. For more information, see: https://www.cve.org/CVERecord?id=CVE-2019-0211 (* Security fix *)

Topics Covered

security advisory critical arbitrary code execution security fix httpd slackware apache update

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: ef8dc6c74f67c20f69e45d367c69d91e httpd-2.4.39-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 213e093ac572698139ce27bf378a0bec httpd-2.4.39-x86_64-1_slack14.0.txz
Slackware 14.1 package: 4191bba2f5d138a5bfd7a65e7d8a01cc httpd-2.4.39-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 177aaf7e527a5eb2c4de2b6f1b6d03ea httpd-2.4.39-x86_64-1_slack14.1.txz
Slackware 14.2 package: d9b05dfe83204233ab7c4ffa46ee8936 httpd-2.4.39-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 7f21336828b6b8db4ffd74d3ffadf249 httpd-2.4.39-x86_64-1_slack14.2.txz
Slackware -current package: 002df106ca8a8ce88cf6abbe5dd7518a n/httpd-2.4.39-i586-1.txz
Slackware x86_64 -current package: d1ed25cdbb792326e2fe3f7f28a3d901 n/httpd-2.4.39-x86_64-1.txz

Severity

important

Lowest

Low

Medium

High

Critical

Topics Covered

security advisory critical arbitrary code execution security fix httpd slackware apache update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.39-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware: 2020-124-03 Important: HTTPD Buffer Overflow Vulnerability

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware: 2020-124-03 Important: HTTPD Buffer Overflow Vulnerability

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!