Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT)
From: Slackware Security Team 
To: slackware-security@slackware.com
Subject: [slackware-security] new apache/mod_ssl packages available

New Apache packages for Slackware are available to fix a security issue.

From the Apache site:

"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows.  Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."

The complete text of the Apache announcement may be found here:
  https://httpd.apache.org/info/security_bulletin_20020617.txt

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0392 to this issue:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392


SOLUTION
--------

We recommend that sites providing external Apache access upgrade to the fixed
Apache package as soon as possible.  If you are using mod_ssl, you will also
require an updated mod_ssl package.  Updated packages have been prepared for
Slackware 8.0 and 8.1.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Apache package for Slackware 8.0:

Updated Apache package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/apache-1.3.26-i386-1.tgz

Updated mod_ssl package for Slackware 8.0:

Updated mod_ssl package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/mod_ssl-2.8.9_1.3.26-i386-1.tgz


MD5 SIGNATURE:
--------------

Here are the md5sums for the packages:

Slackware 8.0:
69de43846c84209bc274ff5c1af554d6  apache.tgz
ca09ade9fbcd66b2e6e2aa13906140d2  mod_ssl.tgz

Slackware 8.1:
d92ba4c9a8b4afd589e274f394fa0e3c  apache-1.3.26-i386-1.tgz
1ac6cd008bb22db99accacc8648efbf6  mod_ssl-2.8.9_1.3.26-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop apache:

   # apachectl stop

Next, upgrade the package(s):

   # upgradepkg apache-1.3.26-i386-1.tgz
   # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz

Then, restart apache:

   # apachectl start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com

Slackware: 'apache' Remote DoS vulnerability

June 20, 2002
Slackware has updated apache to fix the recent chunked encoding vulnerability.

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT) From: Slackware Security Team To: slackware-security@slackware.com Subject: [slackware-security] new apache/mod_ssl packages available
New Apache packages for Slackware are available to fix a security issue.
From the Apache site:
"While testing for Oracle vulnerabilities, Mark Litchfield discovered a denial of service attack for Apache on Windows. Investigation by the Apache Software Foundation showed that this issue has a wider scope, which on some platforms results in a denial of service vulnerability, while on some other platforms presents a potential a remote exploit vulnerability."
The complete text of the Apache announcement may be found here: https://httpd.apache.org/info/security_bulletin_20020617.txt
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
SOLUTION --------
We recommend that sites providing external Apache access upgrade to the fixed Apache package as soon as possible. If you are using mod_ssl, you will also require an updated mod_ssl package. Updated packages have been prepared for Slackware 8.0 and 8.1.
WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated Apache package for Slackware 8.0:
Updated Apache package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/apache-1.3.26-i386-1.tgz
Updated mod_ssl package for Slackware 8.0:
Updated mod_ssl package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/mod_ssl-2.8.9_1.3.26-i386-1.tgz
MD5 SIGNATURE: --------------
Here are the md5sums for the packages:
Slackware 8.0: 69de43846c84209bc274ff5c1af554d6 apache.tgz ca09ade9fbcd66b2e6e2aa13906140d2 mod_ssl.tgz
Slackware 8.1: d92ba4c9a8b4afd589e274f394fa0e3c apache-1.3.26-i386-1.tgz 1ac6cd008bb22db99accacc8648efbf6 mod_ssl-2.8.9_1.3.26-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
First, stop apache:
# apachectl stop
Next, upgrade the package(s):
# upgradepkg apache-1.3.26-i386-1.tgz # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz
Then, restart apache:
# apachectl start
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team http://www.slackware.com

Installation Instructions

Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved