drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in Apache
Name: |
Pufferüberlauf in Apache |
|
ID: |
SSA:2006-209-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2 |
|
Datum: |
Sa, 29. Juli 2006, 02:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747 |
|
Applikationen: |
Apache |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] Apache httpd (SSA:2006-209-01)
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with mod_rewrite.
More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
In addition, new mod_ssl packages for Apache 1.3.37 are available for all of these versions of Slackware. This additional package does not fix a security issue, but may be required on your system depending on your Apache setup.
Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/apache-1.3.37-i486-1_slack10.2.tgz: Upgraded to apache-1.3.37. From the announcement on httpd.apache.org: This version of Apache is security fix release only. An off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. The Slackware Security Team feels that the vast majority of installations will not be configured in a vulnerable way but still suggests upgrading to the new apache and mod_ssl packages for maximum security. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747 And see Apache's announcement here: http://www.apache.org/dist/httpd/Announcement1.3.html (* Security fix *) patches/packages/mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz: Upgraded to mod_ssl-2.8.28-1.3.37. +--------------------------+
Where to find the new packages: +-----------------------------+
Updated packages for Slackware 8.1: apache-1.3.37-i386-1_slack8.1.tgz mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz
Updated packages for Slackware 9.0: apache-1.3.37-i386-1_slack9.0.tgz mod_ssl-2.8.28_1.3.37-i386-1_slack9.0.tgz
Updated packages for Slackware 9.1: apache-1.3.37-i486-1_slack9.1.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz
Updated packages for Slackware 10.0: apache-1.3.37-i486-1_slack10.0.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz
Updated packages for Slackware 10.1: apache-1.3.37-i486-1_slack10.1.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz
Updated packages for Slackware 10.2: apache-1.3.37-i486-1_slack10.2.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz
Updated packages for Slackware -current: apache-1.3.37-i486-1.tgz mod_ssl-2.8.28_1.3.37-i486-1.tgz
MD5 signatures: +-------------+
Slackware 8.1 packages: 55d47a6b97a9d7a22c7a763516efcea8 apache-1.3.37-i386-1_slack8.1.tgz 1368c7ae40208b163f3206f3e22048ff mod_ssl-2.8.28_1.3.37-i386-1_slack8.1.tgz
Slackware 9.0 packages: 99ce9375d240afd31b9106adec400815 apache-1.3.37-i386-1_slack9.0.tgz 5a61caaf9f4165212907e6a296356c43 mod_ssl-2.8.28_1.3.37-i386-1_slack9.0.tgz
Slackware 9.1 packages: 25a4d00152a314a0725d911042e96401 apache-1.3.37-i486-1_slack9.1.tgz 7cc5b41158adf19a069897add2700afa mod_ssl-2.8.28_1.3.37-i486-1_slack9.1.tgz
Slackware 10.0 packages: 84542fd4e9b31a5607810ccf4a37a103 apache-1.3.37-i486-1_slack10.0.tgz dc47b69b0609f94a68196d07c42d563f mod_ssl-2.8.28_1.3.37-i486-1_slack10.0.tgz
Slackware 10.1 packages: d442b2fa446eb41592ad2b0b8f9bf836 apache-1.3.37-i486-1_slack10.1.tgz fc5dc2154b3d906a91745761a9511276 mod_ssl-2.8.28_1.3.37-i486-1_slack10.1.tgz
Slackware 10.2 packages: 289a0160cce32539318b6155e112905d apache-1.3.37-i486-1_slack10.2.tgz f115fb6e615f2688e182a7696b63f76e mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz
Slackware -current packages: 8031dea830403ed012b6cf12795dd219 apache-1.3.37-i486-1.tgz fb24b42306a8731b1fcce93c90f99ded mod_ssl-2.8.28_1.3.37-i486-1.tgz
Installation instructions: +------------------------+
First, stop apache:
# apachectl stop
Then, upgrade the apache package:
# upgradepkg apache-1.3.37-i486-1_slack10.2.tgz mod_ssl-2.8.28_1.3.37-i486-1_slack10.2.tgz
Finally, restart apache:
# apachectl start
Or, if you use mod_ssl:
# apachectl startssl
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFEypX4akRjwEAQIjMRAsGoAKCKEIXGmmj8mVMXaH34Dn5lTqvqtQCcCJx5 jk39xxMkaGiJ/nmima9WMMs= =GZk2 -----END PGP SIGNATURE-----
|
|
|
|