Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Slackware: 2023-292-01 Moderate: New Apache HTTP Server Packages Risk

slackware
Calendar Grey October 19, 2023
Dist Slackware Esm H88
Updated httpd packages for Slackware released to fix vulnerabilities and bugs, enhancing overall system security.
New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.58-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: moderate: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST. low: mod_macro buffer over-read. low: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-45802 https://www.cve.org/CVERecord?id=CVE-2023-31122 https://www.cve.org/CVERecord?id=CVE-2023-43622 (* Security fix *)

Topics%20covered

Topics Covered

security advisory Apache HTTP Server Slackware low severity Denial of Service HTTP/2 stream security fix to package

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.58-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.58-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.58-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.58-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.58-i586-1_slack14.2.txz
Updated package for Slackware x...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: be61b3010a40d4577cb26e93b6b79a8c httpd-2.4.58-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 5f7ff40cd0e66d5c0a14331e851d9099 httpd-2.4.58-x86_64-1_slack14.0.txz
Slackware 14.1 package: 3fd6005860a0dc9e48f32e2b9c1f0f5c httpd-2.4.58-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f6101cc6199c07a9cb221795a7225c3e httpd-2.4.58-x86_64-1_slack14.1.txz
Slackware 14.2 package: a501aa03a0c88f9af92b6c1a2e054b26 httpd-2.4.58-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: cea0e2aa5d35966c3b62cdc3bacffc07 httpd-2.4.58-x86_64-1_slack14.2.txz
Slackware 15.0 package: e0938d228724dc42a3db883858c9571c httpd-2.4.58-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 83dc7825819c85a88e936a02eaac5bf9 httpd-2.4.58-x86_64-1_slack15.0.txz
Slackware -current package: cc8c6a86de98682926696dd09a0cd04f n/httpd-2.4.58-i586-1.txz
Slackware x86_64 -current package: e115b6382c3cedaa4cd69a5ea55477f2 n/httpd-2.4.58-x86_64-1.txz

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory Apache HTTP Server Slackware low severity Denial of Service HTTP/2 stream security fix to package

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg httpd-2.4.58-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Related News

Your message here