Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Slackware 14.x Critical Fix: Httpd Path Traversal Security Issue

slackware
Calendar Grey October 5, 2021
Dist Slackware Esm H88
The latest httpd updates for the Slackware 14.x series tackle significant security vulnerabilities, incorporating essential enhancements and patches.
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.50-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. Fixed null pointer dereference in h2 fuzzing. Fixed path traversal and file disclosure vulnerability. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-41524 https://www.cve.org/CVERecord?id=CVE-2021-41773 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: 758dffc23a1504de73404a3722b5c678 httpd-2.4.50-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 141276e5534ba71d78c95773ea6ee115 httpd-2.4.50-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9783dbf60532959fa59c5ea5a39de12f httpd-2.4.50-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: cf6e8c46653385296e4f5d2f98c13369 httpd-2.4.50-x86_64-1_slack14.1.txz
Slackware 14.2 package: 53b8fec2d3b536bb35dbbd96cfc16ed6 httpd-2.4.50-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: c10d440eee460e784aa9023e8ed05f02 httpd-2.4.50-x86_64-1_slack14.2.txz
Slackware -current package: eeaa1bd4a7980f998a4d15a86803a4e0 n/httpd-2.4.50-i586-1.txz
Slackware x86_64 -current package: 1f7c8675b37517c68d2f77695932e510 n/httpd-2.4.50-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.50-i586-1_slack14.2.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Your message here