Several security problems have been found in the Apache web server
software.  It is recommended that all users of Apache upgrade to the
latest stable release to fix these problems.

Apache is included in our N software series in the apache.tgz package.  A
new apache.tgz package including Apache 1.3.14 is available in the
Slackware -current tree.  All users of Slackware 7.0, 7.1, and -current
are urged to upgraded to this package.


========================================apache 1.3.14 AVAILABLE - (n1/apache.tgz)
========================================
   The following security problems have been fixed with the release of
   Apache 1.3.14:

      * A problem with the Rewrite module, mod_rewrite, allowed access to
        any file on the web server under certain circumstances.

      * The handling of Host: headers in mass virtual hosting configurations,
        mod_vhost_alias, could allow access to any file on the server.

      * If a cgi-bin directory is under the document root, the source to
        the scripts inside it could be sent if using mass virtual hosting.

   The new Slackware apache.tgz package can be downloaded from the
   -current branch:

      
 

   This package is *ONLY* for users of Slackware 7.0 and higher.  All
   users of Slackware 7.0 and higher that use Apache are urged to upgrade
   to this new package.

   For verification purposes, we provide the following checksums:

      16-bit "sum" checksum:
      36187  2184 n1/apache.tgz

      128-bit MD5 message digest:
      42cabff64514457bf9e81e55decda9fe  n1/apache.tgz

   Installation instructions for the apache.tgz package:

      Make sure Apache is not running:

         # /var/lib/apache/sbin/apachectl stop

      Upgrade the package:

         # upgradepkg apache.tgz

      Restart Apache:

         # /etc/rc.d/rc.httpd


You should definitely backup your Apache configuration files and data, as
upgrading this package will overwrite them with the defaults in the
package.

- Slackware Linux Security Team
   The Slackware Linux Project

Slackware: 'apache' update

October 17, 2000
Several security problems have been found in the Apache web server software

Summary

Where Find New Packages

MD5 Signatures

Severity
Several security problems have been found in the Apache web server software. It is recommended that all users of Apache upgrade to the latest stable release to fix these problems.
Apache is included in our N software series in the apache.tgz package. A new apache.tgz package including Apache 1.3.14 is available in the Slackware -current tree. All users of Slackware 7.0, 7.1, and -current are urged to upgraded to this package.
========================================apache 1.3.14 AVAILABLE - (n1/apache.tgz) ======================================== The following security problems have been fixed with the release of Apache 1.3.14:
* A problem with the Rewrite module, mod_rewrite, allowed access to any file on the web server under certain circumstances.
* The handling of Host: headers in mass virtual hosting configurations, mod_vhost_alias, could allow access to any file on the server.
* If a cgi-bin directory is under the document root, the source to the scripts inside it could be sent if using mass virtual hosting.
The new Slackware apache.tgz package can be downloaded from the -current branch:
This package is *ONLY* for users of Slackware 7.0 and higher. All users of Slackware 7.0 and higher that use Apache are urged to upgrade to this new package.
For verification purposes, we provide the following checksums:
16-bit "sum" checksum: 36187 2184 n1/apache.tgz
128-bit MD5 message digest: 42cabff64514457bf9e81e55decda9fe n1/apache.tgz
Installation instructions for the apache.tgz package:
Make sure Apache is not running:
# /var/lib/apache/sbin/apachectl stop
Upgrade the package:
# upgradepkg apache.tgz
Restart Apache:
# /etc/rc.d/rc.httpd
You should definitely backup your Apache configuration files and data, as upgrading this package will overwrite them with the defaults in the package.
- Slackware Linux Security Team The Slackware Linux Project

Installation Instructions

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved