|
|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Apache httpd redux (SSA:2006-130-01)
Date: Wed, 10 May 2006 14:19:07 -0700 (PDT) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Apache httpd redux (SSA:2006-130-01)
New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a bug with Apache 1.3.35 and glibc that
breaks wildcards in Include directives. It may not occur with all
versions of glibc, but it has been verified on -current (using an Include
within a file already Included causes a crash), so better to patch it
and reissue these packages just to be sure. My apologies if the last
batch of updates caused anyone undue grief... they worked here with my
(too simple?) config files.
Note that if you use mod_ssl, you'll also require the mod_ssl package
that was part of yesterday's release, and on -current you'll need the
newest PHP package (if you use PHP).
Thanks to Francesco Gringoli for bringing this issue to my attention.
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.35-i486-2_slack10.2.tgz:
Patched to fix totally broken Include behavior.
Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.35-i386-2_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.35-i386-2_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.35-i486-2_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.35-i486-2_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.35-i486-2_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.35-i486-2_slack10.2.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.35-i486-2.tgz
MD5 signatures:
+-------------+
Slackware 8.1 package:
3affa50debe634e148d8cfed98733a47 apache-1.3.35-i386-2_slack8.1.tgz
Slackware 9.0 package:
d3d5c446c6b16c84d17a43c0e836071c apache-1.3.35-i386-2_slack9.0.tgz
Slackware 9.1 package:
daa91eb34cd487f7621301f95ac931ce apache-1.3.35-i486-2_slack9.1.tgz
Slackware 10.0 package:
d4031f1dc80659091c9b83a9bfed2a9e apache-1.3.35-i486-2_slack10.0.tgz
Slackware 10.1 package:
a1239458270ae312f4d7f510cbd9785b apache-1.3.35-i486-2_slack10.1.tgz
Slackware 10.2 package:
78130e24c739ea5c3569a0ab6647a7df apache-1.3.35-i486-2_slack10.2.tgz
Slackware -current packages:
4b961ce755054c1820988ff0192922ad apache-1.3.35-i486-2.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Then, upgrade the apache package:
# upgradepkg apache-1.3.35-i486-2_slack10.2.tgz
Finally, restart apache:
# apachectl start
Or, if you use mod_ssl:
# apachectl startssl
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFEYlgpakRjwEAQIjMRAhLkAJ0fv6adt0ax/DkSlP7DdCcEv6evggCbBkzy
qHwX74fYu+DZAnYynIkEaCw=
=b1F1
-----END PGP SIGNATURE-----
|
|
|
