Slackware: 'apache' Remote DoS vulnerability
Posted by Team   
Slackware Slackware has updated apache to fix the recent chunked encoding vulnerability.

Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT)
From: Slackware Security Team 
Subject: [slackware-security] new apache/mod_ssl packages available

New Apache packages for Slackware are available to fix a security issue.

From the Apache site:

"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows.  Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."

The complete text of the Apache announcement may be found here:

The Common Vulnerabilities and Exposures project ( has
assigned the name CAN-2002-0392 to this issue:


We recommend that sites providing external Apache access upgrade to the fixed
Apache package as soon as possible.  If you are using mod_ssl, you will also
require an updated mod_ssl package.  Updated packages have been prepared for
Slackware 8.0 and 8.1.

Updated Apache package for Slackware 8.0:

Updated Apache package for Slackware 8.1:

Updated mod_ssl package for Slackware 8.0:

Updated mod_ssl package for Slackware 8.1:


Here are the md5sums for the packages:

Slackware 8.0:
69de43846c84209bc274ff5c1af554d6  apache.tgz
ca09ade9fbcd66b2e6e2aa13906140d2  mod_ssl.tgz

Slackware 8.1:
d92ba4c9a8b4afd589e274f394fa0e3c  apache-1.3.26-i386-1.tgz
1ac6cd008bb22db99accacc8648efbf6  mod_ssl-2.8.9_1.3.26-i386-1.tgz


First, stop apache:

   # apachectl stop

Next, upgrade the package(s):

   # upgradepkg apache-1.3.26-i386-1.tgz
   # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz

Then, restart apache:

   # apachectl start

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team