
Advisories, May 10, 2006

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200605-10


http://security.gentoo.org/


Severity: High
Title: pdnsd: Denial of Service and potential arbitrary code
execution
Date: May 10, 2006
Bugs: #131341
ID: 200605-10


Synopsis

pdnsd is vulnerable to a buffer overflow that may result in
arbitrary code execution.

Background

pdnsd is a proxy DNS server with permanent caching that is
designed to cope with unreachable DNS servers.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  net-dns/pdnsd       < 1.2.4                              >= 1.2.4

Description

The pdnsd team has discovered an unspecified buffer overflow
vulnerability. The PROTOS DNS Test Suite, by the Oulu University
Secure Programming Group (OUSPG), has also revealed a memory leak
error within the handling of the QTYPE and QCLASS DNS queries,
leading to consumption of large amounts of memory.

Impact

An attacker can craft malicious DNS queries leading to a Denial
of Service, and potentially the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All pdnsd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdnsd-1.2.4-r1"

References

[ 1 ] CVE-2006-2076

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2076

[ 2 ] CVE-2006-2077

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2077

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200605-11


http://security.gentoo.org/


Severity: Normal
Title: Ruby: Denial of Service
Date: May 10, 2006
Bugs: #130657
ID: 200605-11


Synopsis

Ruby WEBrick and XMLRPC servers are vulnerable to Denial of
Service.

Background

Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It comes bundled with HTTP (“WEBrick”)
and XMLRPC server objects.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  dev-lang/ruby     < 1.8.4-r1                          >= 1.8.4-r1

Description

Ruby uses blocking sockets for WEBrick and XMLRPC servers.

Impact

An attacker could send large amounts of data to an affected
server to block the socket and thus deny other connections to the
server.

Workaround

There is no known workaround at this time.

Resolution

All Ruby users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"

References

[ 1 ] CVE-2006-1931

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931

[ 2 ] Ruby release announcement

http://www.ruby-lang.org/en/20051224.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-11.xml



Gentoo Linux Security Advisory GLSA 200605-12


http://security.gentoo.org/


Severity: Normal
Title: Quake 3 engine based games: Buffer Overflow
Date: May 10, 2006
Bugs: #132377
ID: 200605-12


Synopsis

The Quake 3 engine has a vulnerability that could be exploited
to execute arbitrary code.

Background

Quake 3 is a multiplayer first person shooter.

Affected packages


     Package                    /  Vulnerable  /            Unaffected


  1  games-fps/quake3-bin            < 1.32c                  >= 1.32c
  2  games-fps/rtcw                  < 1.41b                  >= 1.41b
  3  games-fps/enemy-territory       < 2.60b                  >= 2.60b
    -------------------------------------------------------------------
    3 affected packages on all of their supported architectures.

Description

landser discovered a vulnerability within the “remapShader”
command. Due to a boundary handling error in “remapShader”, there
is a possibility of a buffer overflow.

Impact

An attacker could set up a malicious game server and entice
users to connect to it, potentially resulting in the execution of
arbitrary code with the rights of the game user.

Workaround

Do not connect to untrusted game servers.

Resolution

All Quake 3 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"

All RTCW users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"

All Enemy Territory users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"

References

[ 1 ] CVE-2006-2236

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-12.xml


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:083
http://www.mandriva.com/security/


Package : gdm
Date : May 9, 2006
Affected: 2006.0


Problem Description:

A race condition in daemon/slave.c in gdm before 2.14.1 allows
local users to gain privileges via a symlink attack when gdm
performs chown and chgrp operations on the .ICEauthority file.

Packages have been patched to correct this issue.
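
An added example, not gdm's code or its patch: one way to change the ownership of a file in a user-writable directory so that a symlink swapped in between the check and the chown is never followed. The helper name `safe_chown_at` and the scratch directory under /tmp are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: give `name` (inside the directory open at dirfd) to
 * uid/gid. Returns 0 on success, -1 with errno set if the file is refused. */
int safe_chown_at(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    struct stat st;
    int saved = 0;
    /* O_NOFOLLOW makes the open fail (ELOOP on Linux) when the final path
     * component is a symlink, so a planted link is never dereferenced. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Every later step uses the descriptor, not the path, so replacing the
     * directory entry after this point cannot redirect the chown. */
    if (fstat(fd, &st) != 0)
        saved = errno;
    else if (!S_ISREG(st.st_mode) || st.st_nlink != 1)
        saved = EPERM;      /* device, FIFO, directory, or extra hard links */
    else if (fchown(fd, uid, gid) != 0)
        saved = errno;
    close(fd);
    if (saved == 0)
        return 0;
    errno = saved;
    return -1;
}

/* Constructed scenario in a scratch directory. Bit 0 of the result: a symlink
 * named .ICEauthority was refused. Bit 1: a regular file was accepted. */
int demo(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX";
    int dfd, fd, result = 0;
    if (mkdtemp(dir) == NULL || (dfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    if ((fd = openat(dfd, "target", O_CREAT | O_WRONLY, 0600)) >= 0)
        close(fd);
    if (symlinkat("target", dfd, ".ICEauthority") == 0 &&
        safe_chown_at(dfd, ".ICEauthority", getuid(), getgid()) == -1)
        result |= 1;
    unlinkat(dfd, ".ICEauthority", 0);
    if ((fd = openat(dfd, ".ICEauthority", O_CREAT | O_WRONLY, 0600)) >= 0)
        close(fd);
    if (safe_chown_at(dfd, ".ICEauthority", getuid(), getgid()) == 0)
        result |= 2;
    unlinkat(dfd, ".ICEauthority", 0);
    unlinkat(dfd, "target", 0);
    close(dfd);
    rmdir(dir);
    return result;
}

int main(void)
{
    return demo() == 3 ? 0 : 1;
}
```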


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:084
http://www.mandriva.com/security/


Package : MySQL
Date : May 10, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall
2.0


Problem Description:

The check_connection function in sql_parse.cc in MySQL 4.0.x up
to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote
attackers to read portions of memory via a username without a
trailing null byte, which causes a buffer over-read.
(CVE-2006-1516)

sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18,
and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive
information via a COM_TABLE_DUMP request with an incorrect packet
length, which includes portions of memory in an error message.
(CVE-2006-1517)

Updated packages have been patched to correct these issues.
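
An added example, not MySQL's code or its patch: the two bounds checks that the descriptions above turn on, a NUL-terminated field whose terminator must lie inside the received packet and a length-prefixed field whose declared length must fit in the bytes that remain. The function names are hypothetical and the `[len:1][bytes]` layout is a simplified assumption, not the MySQL wire format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy a NUL-terminated field that starts at pkt[off]. Returns the field
 * length, or -1 when the terminator is not inside the received packet. */
long read_cstring(const unsigned char *pkt, size_t pkt_len, size_t off,
                  char *out, size_t out_sz)
{
    const unsigned char *nul;
    size_t n;
    if (off >= pkt_len || out_sz == 0)
        return -1;
    /* memchr is bounded by the bytes actually received; strlen() is not and
     * would keep reading adjacent memory until it happened to find a zero. */
    nul = memchr(pkt + off, '\0', pkt_len - off);
    if (nul == NULL)
        return -1;
    n = (size_t)(nul - (pkt + off));
    if (n >= out_sz)
        return -1;
    memcpy(out, pkt + off, n + 1);          /* includes the terminator */
    return (long)n;
}

/* Copy a field encoded as [len:1][bytes] and advance *off past it. Returns
 * the length, or -1 when the declared length exceeds what is left. */
long read_lenprefixed(const unsigned char *pkt, size_t pkt_len, size_t *off,
                      char *out, size_t out_sz)
{
    size_t n;
    if (*off >= pkt_len || out_sz == 0)
        return -1;
    n = pkt[*off];
    if (n > pkt_len - *off - 1 || n >= out_sz)
        return -1;                          /* never trust the sender's length */
    memcpy(out, pkt + *off + 1, n);
    out[n] = '\0';
    *off += n + 1;
    return (long)n;
}

int main(void)
{
    /* Constructed packets, not captured traffic. */
    const unsigned char user_ok[]  = { 'r', 'o', 'o', 't', 0 };
    const unsigned char user_bad[] = { 'r', 'o', 'o', 't' };      /* no NUL */
    const unsigned char dump_bad[] = { 2, 'd', 'b', 200, 't' };   /* len lies */
    char buf[64];
    size_t off = 0;
    printf("user_ok:  %ld\n", read_cstring(user_ok, sizeof user_ok, 0, buf, sizeof buf));
    printf("user_bad: %ld\n", read_cstring(user_bad, sizeof user_bad, 0, buf, sizeof buf));
    printf("db:       %ld\n", read_lenprefixed(dump_bad, sizeof dump_bad, &off, buf, sizeof buf));
    printf("table:    %ld\n", read_lenprefixed(dump_bad, sizeof dump_bad, &off, buf, sizeof buf));
    return 0;
}
```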


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517


Updated Packages:





Mandriva Linux Security Advisory MDKSA-2006:085
http://www.mandriva.com/security/


Package : xine-ui
Date : May 10, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

Multiple format string vulnerabilities in xiTK (xitk/main.c) in
xine allow remote attackers to execute arbitrary code via format
string specifiers in a long filename on an EXTINFO line in a
playlist file.

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1905


Updated Packages:




Slackware Linux

[slackware-security] Apache httpd redux (SSA:2006-130-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and
glibc that breaks wildcards in Include directives. It may not occur
with all versions of glibc, but it has been verified on -current
(using an Include within a file already Included causes a crash),
so better to patch it and reissue these packages just to be sure.
My apologies if the last batch of updates caused anyone undue
grief… they worked here with my (too simple?) config files.

Note that if you use mod_ssl, you’ll also require the mod_ssl
package that was part of yesterday’s release, and on -current
you’ll need the newest PHP package (if you use PHP).

Thanks to Francesco Gringoli for bringing this issue to my
attention.

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/apache-1.3.35-i486-2_slack10.2.tgz:
Patched to fix totally broken Include behavior.
Thanks to Francesco Gringoli for reporting this bug.
+--------------------------+

Where to find the new
packages:

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.35-i386-2_slack8.1.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/apache-1.3.35-i386-2_slack9.0.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/apache-1.3.35-i486-2_slack9.1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/apache-1.3.35-i486-2_slack10.0.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/apache-1.3.35-i486-2_slack10.1.tgz

Updated package for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/apache-1.3.35-i486-2_slack10.2.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/apache-1.3.35-i486-2.tgz

MD5 signatures:


Installation instructions:

First, stop apache:

# apachectl stop

Then, upgrade the apache package:

# upgradepkg apache-1.3.35-i486-2_slack10.2.tgz

Finally, restart apache:

# apachectl start

Or, if you use mod_ssl:

# apachectl startssl

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
