-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2022-073-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.53-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: mod_sed: Read/write beyond bounds core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody HTTP request smuggling vulnerability mod_lua: Use of uninitialized value in r:parsebody For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on https://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: c63c26904ced1c59568c3d0b0e8414a4 httpd-2.4.53-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 7e8a3b76c5587c26fcbed9dbbe2b8b45 httpd-2.4.53-x86_64-1_slack14.0.txz Slackware 14.1 package: 4209c7e2294e4df9df271c199ea72d09 httpd-2.4.53-i486-1_slack14.1.txz Slackware x86_64 14.1 package: bfb65fe235a488d21205e23027c2b8e2 httpd-2.4.53-x86_64-1_slack14.1.txz Slackware 14.2 package: 2999e0845aef819a1f71c025a0db4c97 httpd-2.4.53-i586-1_slack14.2.txz Slackware x86_64 14.2 package: cdddb9fb2462e1401c70c9158ad31a78 httpd-2.4.53-x86_64-1_slack14.2.txz Slackware 15.0 package: e28a39d094f832e11251d59d9c275d95 httpd-2.4.53-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 4884ea89e1e23810bd554797493b4d1a httpd-2.4.53-x86_64-1_slack15.0.txz Slackware -current package: a2e794ec5a4da73e3fc6d71cd6076beb n/httpd-2.4.53-i586-1.txz Slackware x86_64 -current package: bac215a95c830078d598f8486834412e n/httpd-2.4.53-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.4.53-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start +-----+