LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Slackware: 2011-133-01: apr/apr-util: Security Update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Slackware New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. [More Info...]
[slackware-security]  apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.4-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.4-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.11-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.4-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.11-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.4.4-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.11-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-1.4.4-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.3.11-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-1.4.4-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.3.11-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-1.4.4-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.3.11-i486-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-1.4.4-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-1.4.4-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.3.11-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-1.4.4-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.3.11-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.4.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.11-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.4.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.11-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 11.0 package:
0b18b21f2709e592f2d829323c8db2bd  apr-1.4.4-i486-1_slack11.0.tgz
6313ea5ec365a07c86eaaba2ae5a7696  apr-util-1.3.11-i486-1_slack11.0.tgz

Slackware 12.0 package:
b9b2c76b963a9dcba68c54172dbfd2e8  apr-1.4.4-i486-1_slack12.0.tgz
015ad6f362a378efd18f12cb9ecc7c9d  apr-util-1.3.11-i486-1_slack12.0.tgz

Slackware 12.1 package:
9e80da5d7f8f823a2ed9936b3cd0269b  apr-1.4.4-i486-1_slack12.1.tgz
00ab57f63b1c30c7cf6cfcea365badb1  apr-util-1.3.11-i486-1_slack12.1.tgz

Slackware 12.2 package:
aee097dbd39db150302d02f86d92609e  apr-1.4.4-i486-1_slack12.2.tgz
e61f61b8723bd06da8275e015ea03eac  apr-util-1.3.11-i486-1_slack12.2.tgz

Slackware 13.0 package:
023e7e77f01816d92a707546d570ec79  apr-1.4.4-i486-1_slack13.0.txz
e168ac8e42e201c7af87c3fd231ec95f  apr-util-1.3.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
7343a01be2f8a38118c75aa5133a7958  apr-1.4.4-x86_64-1_slack13.0.txz
458a11c15ed52db5b510c7d1aea065d5  apr-util-1.3.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
39a284a31204f0572d9e732df2e51c92  apr-1.4.4-i486-1_slack13.1.txz
fd264ef731d61afa627489dec1ed6d37  apr-util-1.3.11-i486-1_slack13.1.txz

Slackware 13.37 package:
2afbb475a8a0e4b5f48d42d2ba49a668  apr-1.4.4-i486-1_slack13.37.txz
a0e0f77943e718f26c448f7da7590406  apr-util-1.3.11-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
232289470e6486f08f7b9ee3755c055e  apr-1.4.4-x86_64-1_slack13.1.txz
777badbae85f141b55b370337967c55c  apr-util-1.3.11-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
9a2d329a4cdabb9369e9ed7e78cdffcf  apr-1.4.4-x86_64-1_slack13.37.txz
6ba07cc7e5cab3ac648d0012783fe455  apr-util-1.3.11-x86_64-1_slack13.37.txz

Slackware -current package:
4e010ab165a7504563f316db5b0e34ac  apr-1.4.4-i486-1.txz
7c4c1d8febf9e51a95b627e6631ea2b2  apr-util-1.3.11-i486-1.txz

Slackware x86_64 -current package:
5707d225f07da633c67773f6cc6d3fd6  apr-1.4.4-x86_64-1.txz
31d3ce32a2e964ab3128804077cdccd0  apr-util-1.3.11-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg apr-1.4.4-i486-1_slack13.37.txz apr-util-1.3.11-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.