Login
Newsletter
Werbung

Sicherheit: Fehlerkorrektur in Apache
Aktuelle Meldungen Distributionen
Name: Fehlerkorrektur in Apache
ID: SSA:2006-130-01
Distribution: Slackware
Plattformen: Slackware -current, Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2
Datum: Mi, 10. Mai 2006, 23:27
Referenzen: Keine Angabe
Applikationen: Apache

Originalnachricht


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Apache httpd redux (SSA:2006-130-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a bug with Apache 1.3.35 and glibc that
breaks wildcards in Include directives. It may not occur with all
versions of glibc, but it has been verified on -current (using an Include
within a file already Included causes a crash), so better to patch it
and reissue these packages just to be sure. My apologies if the last
batch of updates caused anyone undue grief... they worked here with my
(too simple?) config files.

Note that if you use mod_ssl, you'll also require the mod_ssl package
that was part of yesterday's release, and on -current you'll need the
newest PHP package (if you use PHP).

Thanks to Francesco Gringoli for bringing this issue to my attention.


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.35-i486-2_slack10.2.tgz:
Patched to fix totally broken Include behavior.
Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
apache-1.3.35-i386-2_slack8.1.tgz

Updated package for Slackware 9.0:
apache-1.3.35-i386-2_slack9.0.tgz

Updated package for Slackware 9.1:
apache-1.3.35-i486-2_slack9.1.tgz

Updated package for Slackware 10.0:
apache-1.3.35-i486-2_slack10.0.tgz

Updated package for Slackware 10.1:
apache-1.3.35-i486-2_slack10.1.tgz

Updated package for Slackware 10.2:
apache-1.3.35-i486-2_slack10.2.tgz

Updated package for Slackware -current:
apache-1.3.35-i486-2.tgz


MD5 signatures:
+-------------+

Slackware 8.1 package:
3affa50debe634e148d8cfed98733a47 apache-1.3.35-i386-2_slack8.1.tgz

Slackware 9.0 package:
d3d5c446c6b16c84d17a43c0e836071c apache-1.3.35-i386-2_slack9.0.tgz

Slackware 9.1 package:
daa91eb34cd487f7621301f95ac931ce apache-1.3.35-i486-2_slack9.1.tgz

Slackware 10.0 package:
d4031f1dc80659091c9b83a9bfed2a9e apache-1.3.35-i486-2_slack10.0.tgz

Slackware 10.1 package:
a1239458270ae312f4d7f510cbd9785b apache-1.3.35-i486-2_slack10.1.tgz

Slackware 10.2 package:
78130e24c739ea5c3569a0ab6647a7df apache-1.3.35-i486-2_slack10.2.tgz

Slackware -current packages:
4b961ce755054c1820988ff0192922ad apache-1.3.35-i486-2.tgz


Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

Then, upgrade the apache package:

# upgradepkg apache-1.3.35-i486-2_slack10.2.tgz

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFEYlgpakRjwEAQIjMRAhLkAJ0fv6adt0ax/DkSlP7DdCcEv6evggCbBkzy
qHwX74fYu+DZAnYynIkEaCw=
=b1F1
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung