Slackware: 2019-096-01: httpd Security Update

    Date06 Apr 2019
    CategorySlackware
    342
    Posted ByLinuxSecurity Advisories
    New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    [slackware-security]  httpd (SSA:2019-096-01)
    
    New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
    to fix a security issue.
    
    
    Here are the details from the Slackware 14.2 ChangeLog:
    +--------------------------+
    patches/packages/httpd-2.4.39-i586-1_slack14.2.txz:  Upgraded.
      This release contains security fixes and improvements.
      In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker
      or prefork, code executing in less-privileged child processes or threads
      (including scripts executed by an in-process scripting interpreter) could
      execute arbitrary code with the privileges of the parent process by
      manipulating the scoreboard.
      For more information, see:
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
      (* Security fix *)
    +--------------------------+
    
    
    Where to find the new packages:
    +-----------------------------+
    
    Thanks to the friendly folks at the OSU Open Source Lab
    (http://osuosl.org) for donating FTP and rsync hosting
    to the Slackware project!  :-)
    
    Also see the "Get Slack" section on http://slackware.com for
    additional mirror sites near you.
    
    Updated package for Slackware 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.39-i486-1_slack14.0.txz
    
    Updated package for Slackware x86_64 14.0:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.39-x86_64-1_slack14.0.txz
    
    Updated package for Slackware 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.39-i486-1_slack14.1.txz
    
    Updated package for Slackware x86_64 14.1:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.39-x86_64-1_slack14.1.txz
    
    Updated package for Slackware 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.39-i586-1_slack14.2.txz
    
    Updated package for Slackware x86_64 14.2:
    ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.39-x86_64-1_slack14.2.txz
    
    Updated package for Slackware -current:
    ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.39-i586-1.txz
    
    Updated package for Slackware x86_64 -current:
    ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.39-x86_64-1.txz
    
    
    MD5 signatures:
    +-------------+
    
    Slackware 14.0 package:
    ef8dc6c74f67c20f69e45d367c69d91e  httpd-2.4.39-i486-1_slack14.0.txz
    
    Slackware x86_64 14.0 package:
    213e093ac572698139ce27bf378a0bec  httpd-2.4.39-x86_64-1_slack14.0.txz
    
    Slackware 14.1 package:
    4191bba2f5d138a5bfd7a65e7d8a01cc  httpd-2.4.39-i486-1_slack14.1.txz
    
    Slackware x86_64 14.1 package:
    177aaf7e527a5eb2c4de2b6f1b6d03ea  httpd-2.4.39-x86_64-1_slack14.1.txz
    
    Slackware 14.2 package:
    d9b05dfe83204233ab7c4ffa46ee8936  httpd-2.4.39-i586-1_slack14.2.txz
    
    Slackware x86_64 14.2 package:
    7f21336828b6b8db4ffd74d3ffadf249  httpd-2.4.39-x86_64-1_slack14.2.txz
    
    Slackware -current package:
    002df106ca8a8ce88cf6abbe5dd7518a  n/httpd-2.4.39-i586-1.txz
    
    Slackware x86_64 -current package:
    d1ed25cdbb792326e2fe3f7f28a3d901  n/httpd-2.4.39-x86_64-1.txz
    
    
    Installation instructions:
    +------------------------+
    
    Upgrade the package as root:
    # upgradepkg httpd-2.4.39-i586-1_slack14.2.txz
    
    Then, restart Apache httpd:
    
    # /etc/rc.d/rc.httpd stop
    # /etc/rc.d/rc.httpd start
    
    
    +-----+
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"5","type":"x","order":"1","pct":83.33,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.