drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Apache
Name: |
Preisgabe von Informationen in Apache |
|
ID: |
SSA:2017-261-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37, Slackware 14.0, Slackware x86_64 14.0, Slackware 14.1, Slackware x86_64 14.1, Slackware 14.2, Slackware x86_64 14.2 |
|
Datum: |
Di, 19. September 2017, 06:34 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798 |
|
Applikationen: |
Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] httpd (SSA:2017-261-01)
New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.27-i586-2_slack14.2.txz: Rebuilt. This update patches a security issue ("Optionsbleed") with the OPTIONS http method which may leak arbitrary pieces of memory to a potential attacker. Thanks to Hanno Bo:ck. For more information, see: http://seclists.org/oss-sec/2017/q3/477 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: httpd-2.2.34-i486-2_slack13.0.txz
Updated package for Slackware x86_64 13.0: httpd-2.2.34-x86_64-2_slack13.0.txz
Updated package for Slackware 13.1: httpd-2.2.34-i486-2_slack13.1.txz
Updated package for Slackware x86_64 13.1: httpd-2.2.34-x86_64-2_slack13.1.txz
Updated package for Slackware 13.37: httpd-2.2.34-i486-2_slack13.37.txz
Updated package for Slackware x86_64 13.37: httpd-2.2.34-x86_64-2_slack13.37.txz
Updated package for Slackware 14.0: httpd-2.4.27-i486-2_slack14.0.txz
Updated package for Slackware x86_64 14.0: httpd-2.4.27-x86_64-2_slack14.0.txz
Updated package for Slackware 14.1: httpd-2.4.27-i486-2_slack14.1.txz
Updated package for Slackware x86_64 14.1: httpd-2.4.27-x86_64-2_slack14.1.txz
Updated package for Slackware 14.2: httpd-2.4.27-i586-2_slack14.2.txz
Updated package for Slackware x86_64 14.2: httpd-2.4.27-x86_64-2_slack14.2.txz
Updated package for Slackware -current: httpd-2.4.27-i586-3.txz
Updated package for Slackware x86_64 -current: httpd-2.4.27-x86_64-3.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 1d84028976a221517f3880891d82240d httpd-2.2.34-i486-2_slack13.0.txz
Slackware x86_64 13.0 package: 22dd84ddbaaa226f439966b4dff9f8e0 httpd-2.2.34-x86_64-2_slack13.0.txz
Slackware 13.1 package: b4b5d21bae978270445fa8e03b5b77a9 httpd-2.2.34-i486-2_slack13.1.txz
Slackware x86_64 13.1 package: d9f4cd3c883ddb34c6855dc387d373f4 httpd-2.2.34-x86_64-2_slack13.1.txz
Slackware 13.37 package: ec970592d7e91ed417a9bbaf7ad495d5 httpd-2.2.34-i486-2_slack13.37.txz
Slackware x86_64 13.37 package: d8286c041210b312d9facc3b7912e97f httpd-2.2.34-x86_64-2_slack13.37.txz
Slackware 14.0 package: e152b68187918dc592a5346c79b7c05d httpd-2.4.27-i486-2_slack14.0.txz
Slackware x86_64 14.0 package: 711abde18d484661f731422d333931ea httpd-2.4.27-x86_64-2_slack14.0.txz
Slackware 14.1 package: 7db6d646d14d9dd0ba3422bc6a5187e2 httpd-2.4.27-i486-2_slack14.1.txz
Slackware x86_64 14.1 package: 1a8faf0343d8a1e06e2a6102d3a09e84 httpd-2.4.27-x86_64-2_slack14.1.txz
Slackware 14.2 package: 65704345c6deb52ba079f661a12e7e1e httpd-2.4.27-i586-2_slack14.2.txz
Slackware x86_64 14.2 package: 16147809df94a27bff1aad4505ae5b7c httpd-2.4.27-x86_64-2_slack14.2.txz
Slackware -current package: cc34f27a9928ce108cae65dc1db6282e n/httpd-2.4.27-i586-3.txz
Slackware x86_64 -current package: 84d2b395649953f128679fb969c19d66 n/httpd-2.4.27-x86_64-3.txz
Installation instructions: +------------------------+
Upgrade the package as root: # upgradepkg httpd-2.4.27-i586-2_slack14.2.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlnAHA4ACgkQakRjwEAQIjOVCACeMJRwcsHnj9uCuNVR0nu8Sxgd fv8AnR+1MxNXkdv2SwSEyyjfvQmGYymj =ukrY -----END PGP SIGNATURE-----
|
|
|
|