Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT)
From: Slackware Security Team 
To: slackware-security@slackware.com
Subject: [slackware-security] new apache/mod_ssl packages available

New Apache packages for Slackware are available to fix a security issue.

From the Apache site:

"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows.  Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."

The complete text of the Apache announcement may be found here:
  https://httpd.apache.org/info/security_bulletin_20020617.txt

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0392 to this issue:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392


SOLUTION
--------

We recommend that sites providing external Apache access upgrade to the fixed
Apache package as soon as possible.  If you are using mod_ssl, you will also
require an updated mod_ssl package.  Updated packages have been prepared for
Slackware 8.0 and 8.1.


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated Apache package for Slackware 8.0:

Updated Apache package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/apache-1.3.26-i386-1.tgz

Updated mod_ssl package for Slackware 8.0:

Updated mod_ssl package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/mod_ssl-2.8.9_1.3.26-i386-1.tgz


MD5 SIGNATURE:
--------------

Here are the md5sums for the packages:

Slackware 8.0:
69de43846c84209bc274ff5c1af554d6  apache.tgz
ca09ade9fbcd66b2e6e2aa13906140d2  mod_ssl.tgz

Slackware 8.1:
d92ba4c9a8b4afd589e274f394fa0e3c  apache-1.3.26-i386-1.tgz
1ac6cd008bb22db99accacc8648efbf6  mod_ssl-2.8.9_1.3.26-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

First, stop apache:

   # apachectl stop

Next, upgrade the package(s):

   # upgradepkg apache-1.3.26-i386-1.tgz
   # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz

Then, restart apache:

   # apachectl start


Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com

Slackware: 'apache' Remote DoS vulnerability

June 20, 2002
Slackware has updated apache to fix the recent chunked encoding vulnerability.

Summary

Where Find New Packages

MD5 Signatures

Severity
Date: Wed, 19 Jun 2002 21:18:39 -0700 (PDT) From: Slackware Security Team To: slackware-security@slackware.com Subject: [slackware-security] new apache/mod_ssl packages available
New Apache packages for Slackware are available to fix a security issue.
From the Apache site:
"While testing for Oracle vulnerabilities, Mark Litchfield discovered a denial of service attack for Apache on Windows. Investigation by the Apache Software Foundation showed that this issue has a wider scope, which on some platforms results in a denial of service vulnerability, while on some other platforms presents a potential a remote exploit vulnerability."
The complete text of the Apache announcement may be found here: https://httpd.apache.org/info/security_bulletin_20020617.txt
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0392 to this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392
SOLUTION --------
We recommend that sites providing external Apache access upgrade to the fixed Apache package as soon as possible. If you are using mod_ssl, you will also require an updated mod_ssl package. Updated packages have been prepared for Slackware 8.0 and 8.1.
WHERE TO FIND THE NEW PACKAGES: ------------------------------- Updated Apache package for Slackware 8.0:
Updated Apache package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/apache-1.3.26-i386-1.tgz
Updated mod_ssl package for Slackware 8.0:
Updated mod_ssl package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/slackware/n/mod_ssl-2.8.9_1.3.26-i386-1.tgz
MD5 SIGNATURE: --------------
Here are the md5sums for the packages:
Slackware 8.0: 69de43846c84209bc274ff5c1af554d6 apache.tgz ca09ade9fbcd66b2e6e2aa13906140d2 mod_ssl.tgz
Slackware 8.1: d92ba4c9a8b4afd589e274f394fa0e3c apache-1.3.26-i386-1.tgz 1ac6cd008bb22db99accacc8648efbf6 mod_ssl-2.8.9_1.3.26-i386-1.tgz
INSTALLATION INSTRUCTIONS: --------------------------
First, stop apache:
# apachectl stop
Next, upgrade the package(s):
# upgradepkg apache-1.3.26-i386-1.tgz # upgradepkg mod_ssl-2.8.9_1.3.26-i386-1.tgz
Then, restart apache:
# apachectl start
Remember, it's also a good idea to backup configuration files before upgrading packages.
- Slackware Linux Security Team http://www.slackware.com

Installation Instructions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved