Home page logo
/

bugtraq logo Bugtraq mailing list archives

[slackware-security] new apache/mod_ssl packages available
From: Dave Ahmad <da () securityfocus com>
Date: Fri, 21 Jun 2002 14:57:54 -0600 (MDT)



---------- Forwarded message ----------
Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT)
From: Slackware Security Team <security () bob slackware com>
To: slackware-security () slackware com
Subject: [slackware-security] new apache/mod_ssl packages available



New Apache packages for Slackware are available to fix a security issue.

From the Apache site:

"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows.  Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."

The complete text of the Apache announcement may be found here:
  http://httpd.apache.org/info/security_bulletin_20020617.txt

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0392 to this issue:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392


SOLUTION
--------

We recommend that sites providing external Apache access upgrade to the fixed
Apache package as soon as possible.  If you are using mod_ssl, you will also
require an updated mod_ssl package.  Updated packages have been prepared for
Slackware 8.0 and 8.1.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Apache package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/apache.tgz

Updated Apache package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/apache-1.3.26-i386-1.tgz

Updated mod_ssl package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/mod_ssl.tgz

Updated mod_ssl package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/mod_ssl-2.8.9_1.3.26-i386-1.tgz


MD5 SIGNATURE:
--------------

Here are the md5sums for the packages:

Slackware 8.0:
69de43846c84209bc274ff5c1af554d6  apache.tgz
ca09ade9fbcd66b2e6e2aa13906140d2  mod_ssl.tgz

Slackware 8.1:
d92ba4c9a8b4afd589e274f394fa0e3c  apache-1.3.26-i386-1.tgz
1ac6cd008bb22db99accacc8648efbf6  mod_ssl-2.8.9_1.3.26-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop apache:

   # apachectl stop

Next, upgrade the package(s):

   # upgradepkg apache-1.3.26-i386-1.tgz
   # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz

Then, restart apache:

   # apachectl start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com


+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo () slackware com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+



  By Date           By Thread  

Current thread:
  • [slackware-security] new apache/mod_ssl packages available Dave Ahmad (Jun 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault