Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Slackware: 2023-067-01 Critical: Httpd Request Smuggling Attack

slackware
Calendar Grey March 8, 2023
Dist Slackware Esm H88
Updated httpd versions for Slackware tackle urgent security vulnerabilities and enhance overall system reliability.
New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.56-i586-1_slack15.0.txz: Upgraded. This update fixes two security issues: HTTP Response Smuggling vulnerability via mod_proxy_uwsgi. HTTP Request Smuggling attack via mod_rewrite and mod_proxy. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-27522 https://www.cve.org/CVERecord?id=CVE-2023-25690 (* Security fix *)

Topics%20covered

Topics Covered

security advisory security issue critical httpd patch slackware smuggling

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 14.0 package: aa5ba4ca65ef5e2f1a556dce59499f53 httpd-2.4.56-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 6b3b96f0f263ce160c248e432feb9e22 httpd-2.4.56-x86_64-1_slack14.0.txz
Slackware 14.1 package: 0466df1d0b695e06423b3b74e4b3001c httpd-2.4.56-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 24c7e5cdc84dadc5dbb4d2492be91211 httpd-2.4.56-x86_64-1_slack14.1.txz
Slackware 14.2 package: 44303214ead7652ff59b0482721c40a2 httpd-2.4.56-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6d87a8aafce21046bf8182a72cb3adb3 httpd-2.4.56-x86_64-1_slack14.2.txz
Slackware 15.0 package: eb75e6a814fadb936efa78bb394f37a2 httpd-2.4.56-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 66bc518f7d6aca2ea55f8da4979df3aa httpd-2.4.56-x86_64-1_slack15.0.txz
Slackware -current package: 2c0db3136e67efd747d3305dfb1cc4a5 n/httpd-2.4.56-i586-1.txz
Slackware x86_64 -current package: 3618ff7ab4a7253d1cd485b5c696fe8c n/httpd-2.4.56-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security issue critical httpd patch slackware smuggling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.56-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Related News

Your message here