This is a discussion on [slackware-security] apache (SSA:2004-133-01) - Problems with SSL within the Slackware Linux Support forums, part of the Unix Operating Systems category.
Slackware security has released a security upgrade to apache (see attachment).

The Slackware 9.0 package ftp://ftp.slackware.com/pub/slackwar....29-i386-2.tgz contains a non-critical error: the updated /usr/sbin/apachectl no longer supports the startssl / sslstart / start-SSL options. If you run ssl on apache, beware: you will have to manually correct the /usr/sbin/apachectl script to add the startssl option back in. Archive your existing /usr/sbin/apachectl before you upgrade, and you'll be able to clone the logic; otherwise you'll have to concoct your own ssl start logic.

This problem has been reported to slackware.com.

--
Lew Pitcher
Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.

From security@slackware.com Wed May 12 19:54:58 2004
Return-Path: <owner-slackware-security@slackware.com>
Date: Wed, 12 May 2004 16:54:58 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] apache (SSA:2004-133-01)
Message-ID: <Pine.LNX.4.58.0405121654360.21948@bob.slackware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-security@slackware.com
Reply-To: Slackware Security Team <security@slackware.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] apache (SSA:2004-133-01)

New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current
to fix security issues. These include a possible denial-of-service attack
as well as the ability to possibly pipe shell escapes through Apache's
errorlog (which could create an exploit if the error log is read in a
terminal program that does not filter such escapes). We recommend that
sites running Apache upgrade to the new Apache package.

More details about these issues may be found in the Common Vulnerabilities
and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0987
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0020
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0174
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0993

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed May 12 13:06:39 PDT 2004
patches/packages/apache-1.3.29-i486-2.tgz:
  Patched four security issues in the Apache web server as noted on
  http://httpd.apache.org. These security fixes were backported from
  Apache 1.3.31:
  In mod_digest, verify whether the nonce returned in the client response
  is one we issued ourselves. This problem does not affect mod_auth_digest.
  (CAN-2003-0987)
  Escape arbitrary data before writing into the errorlog.
  (CAN-2003-0020)
  Fix starvation issue on listening sockets where a short-lived connection
  on a rarely-accessed listening socket will cause a child to hold the
  accept mutex and block out new connections until another connection
  arrives on that rarely-accessed listening socket.
  (CAN-2004-0174)
  Fix parsing of Allow/Deny rules using IP addresses without a netmask;
  issue is only known to affect big-endian 64-bit platforms
  (CAN-2003-0993)
  For more details, see:
  http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0987
  http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0020
  http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0174
  http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0993
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackwar....29-i386-2.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar....29-i386-2.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackwar....29-i486-2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar....31-i486-1.tgz
(these related packages are also available)
ftp://ftp.slackware.com/pub/slackwar....31-i486-2.tgz
ftp://ftp.slackware.com/pub/slackwar...3.6-i486-2.tgz

MD5 signatures:
+-------------+

Slackware 8.1 package:
53949a74ba3dd0a01271e3aa1178e082  apache-1.3.29-i386-2.tgz

Slackware 9.0 package:
64ede1f5637736842502301eb5bd727d  apache-1.3.29-i386-2.tgz

Slackware 9.1 package:
ec5dad948d8b17b82b91d756a5c6b0f9  apache-1.3.29-i486-2.tgz

Slackware -current packages:
a925f8be7b8bbcb7e4a77e2ef755988a  apache-1.3.31-i486-1.tgz
684626575e1c2a783b3d8d208876aab4  mod_ssl-2.8.17_1.3.31-i486-2.tgz
ad27d5f96281e11567184411b7c0720e  php-4.3.6-i486-2.tgz

Installation instructions:
+------------------------+

First, stop apache:

# apachectl stop

Next, upgrade the Apache package as root:
(if you're running -current, upgrade mod_ssl and php as well)

# upgradepkg apache-1.3.29-i486-2.tgz

Finally, restart apache:

# apachectl start

Or, if you're running a secure server with mod_ssl:

# apachectl startssl

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAoq6BakRjwEAQIjMRArVdAKCUpK0yrttsmaiaxkwnyCMSMpjdygCdHgaK
WuRejVuF9XzjATed+VRlBYw=
=+cB4
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFApAaHagVFX4UWr64RAmM6AJ9lW5sRNZOGjeHWRmRzHDG+9ZYHLACgiwuB
yLDc1LM1lFfGqMdKaK3buf4=
=g3Zw
-----END PGP SIGNATURE-----
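The advisory's second item (CAN-2003-0020, "escape arbitrary data before writing into the errorlog") is about terminal control sequences reaching an admin's screen when the log is viewed with tail or cat. The following is an added example, not Apache's code, of what that fix amounts to and of how to check an existing log for the problem: escape_logitem renders control characters as visible escapes the way the patched server does before writing a log item, and find_unescaped_lines scans raw log bytes for control codes that a patched server would never have written. The SAMPLE_ERROR_LOG lines are constructed for the example; the function names are my own.

```python
import re

# Added example (not Apache's code): the CAN-2003-0020 fix in Apache 1.3.31
# escapes non-printable data before it is written to the error log. This
# function does the same for one log item: C-style escapes for the common
# control characters, \xNN for anything else outside printable ASCII, and
# backslash and double quote escaped so the output is unambiguous.
_SIMPLE_ESCAPES = {
    "\b": "\\b", "\n": "\\n", "\r": "\\r", "\t": "\\t", "\v": "\\v",
    "\\": "\\\\", '"': '\\"',
}


def escape_logitem(item: str) -> str:
    """Return `item` with control characters rendered as visible escapes."""
    out = []
    for ch in item:
        code = ord(ch)
        if ch in _SIMPLE_ESCAPES:
            out.append(_SIMPLE_ESCAPES[ch])
        elif 0x20 <= code < 0x7F:
            out.append(ch)
        else:
            # Code points above 0xFF cannot occur for log bytes decoded as
            # latin-1; if they do, %02x simply widens rather than truncates.
            out.append("\\x%02x" % code)
    return "".join(out)


# Raw control bytes that an escaped log never contains: NUL..US except the
# whitespace bytes TAB, LF and CR, plus DEL. ESC (0x1b) is the byte that
# starts terminal control sequences.
_RAW_CONTROL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def find_unescaped_lines(log_bytes: bytes):
    """Return (line_number, line) pairs whose bytes contain raw control codes.

    A hit on a server that should be running the patched apache means either
    that the upgrade did not take or that some other program writes to the
    same log without escaping.
    """
    hits = []
    for number, line in enumerate(log_bytes.split(b"\n"), 1):
        if _RAW_CONTROL.search(line):
            hits.append((number, line))
    return hits


# Constructed sample: three error_log lines; the second carries a raw ESC
# sequence in the requested path (a harmless terminal "clear screen").
SAMPLE_ERROR_LOG = (
    b"[Wed May 12 17:00:46 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/htdocs/favicon.ico\n"
    b"[Wed May 12 17:00:47 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/htdocs/\x1b[2J\n"
    b"[Wed May 12 17:00:48 2004] [notice] caught SIGTERM, shutting down\n"
)

if __name__ == "__main__":
    # Print the offending lines in escaped form so the report itself is safe
    # to read in a terminal.
    for number, line in find_unescaped_lines(SAMPLE_ERROR_LOG):
        print(f"line {number}: {escape_logitem(line.decode('latin-1'))}")
```

Running the scanner over a real error_log (read as bytes) rather than the constructed sample is the useful check after the upgrade; printing hits through escape_logitem matters, because otherwise the report reintroduces the very sequences being looked for.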
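The first ChangeLog item (CAN-2003-0987) says mod_digest now verifies "whether the nonce returned in the client response is one we issued ourselves"; before the fix, a client could supply any nonce and the server would compute the digest against it. The example below is added here to show the principle and is not mod_digest's code or nonce format: the server binds each nonce to an issue time and the realm with an HMAC under a server secret, so a nonce it never issued, one for another realm, or a stale one is rejected before any credential check. The nonce layout, SERVER_SECRET, NONCE_LIFETIME and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

# Added example illustrating the CAN-2003-0987 fix ("verify whether the nonce
# returned in the client response is one we issued ourselves"). It is not
# mod_digest's code or nonce format; the layout used here is an assumption:
#     "<issue-time>:<hex HMAC-SHA256(secret, "<issue-time>:<realm>")>"
# A real server would create SERVER_SECRET once at startup; it is generated
# on import so the example runs stand-alone.
SERVER_SECRET = os.urandom(32)
NONCE_LIFETIME = 300  # seconds a nonce remains acceptable


def _nonce_mac(issued_at: int, realm: str, secret: bytes) -> str:
    msg = f"{issued_at}:{realm}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_nonce(realm: str, secret: bytes = SERVER_SECRET, now=None) -> str:
    """Create the nonce for a WWW-Authenticate: Digest challenge of `realm`."""
    issued_at = int(time.time()) if now is None else int(now)
    return f"{issued_at}:{_nonce_mac(issued_at, realm, secret)}"


def verify_nonce(nonce: str, realm: str, secret: bytes = SERVER_SECRET,
                 now=None) -> bool:
    """True only if `nonce` was issued by this server for `realm` and is fresh.

    A nonce the client invented, one issued for another realm, one produced
    under another server's secret, or one older than NONCE_LIFETIME is
    refused before the response digest is even computed.
    """
    issued_str, _, mac = nonce.partition(":")
    if not mac or not issued_str.isdigit():
        return False
    issued_at = int(issued_str)
    # Constant-time comparison so the check does not leak how much of a
    # forged MAC was right.
    if not hmac.compare_digest(mac, _nonce_mac(issued_at, realm, secret)):
        return False
    current = int(time.time()) if now is None else int(now)
    return 0 <= current - issued_at <= NONCE_LIFETIME


if __name__ == "__main__":
    challenge = issue_nonce("secure area")
    print("issued:", challenge)
    print("own nonce accepted:", verify_nonce(challenge, "secure area"))
    print("foreign nonce accepted:", verify_nonce("12345:abcd", "secure area"))
```

The freshness window is what turns the nonce into a replay limiter as well as an origin check; a server that stores no per-nonce state (this one stores none) relies entirely on the MAC and the time bound.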
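Two checks are worth scripting before the "upgradepkg" step in the advisory's installation instructions: that the downloaded package matches the MD5 the advisory publishes for that release (the 8.1 and 9.0 packages share a filename but have different sums), and, given the original post's warning, whether an apachectl script still carries the startssl case. The block below is an added example and not part of Slackware's tooling or the advisory; the MD5 table is copied from the advisory text, while the apachectl fragments, the function names and the check_upgrade.py usage line are constructed for the example.

```python
import hashlib
import re
import sys
from pathlib import Path

# Added example, not Slackware's code. (release, package filename) -> MD5 as
# published in the advisory above. The release is part of the key because
# the 8.1 and 9.0 packages have the same filename but different sums.
ADVISORY_MD5 = {
    ("8.1", "apache-1.3.29-i386-2.tgz"): "53949a74ba3dd0a01271e3aa1178e082",
    ("9.0", "apache-1.3.29-i386-2.tgz"): "64ede1f5637736842502301eb5bd727d",
    ("9.1", "apache-1.3.29-i486-2.tgz"): "ec5dad948d8b17b82b91d756a5c6b0f9",
    ("-current", "apache-1.3.31-i486-1.tgz"): "a925f8be7b8bbcb7e4a77e2ef755988a",
    ("-current", "mod_ssl-2.8.17_1.3.31-i486-2.tgz"): "684626575e1c2a783b3d8d208876aab4",
    ("-current", "php-4.3.6-i486-2.tgz"): "ad27d5f96281e11567184411b7c0720e",
}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_of_file(path) -> str:
    """MD5 of a file, read in chunks so large packages do not sit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches_advisory(actual_md5: str, release: str, filename: str,
                            table=ADVISORY_MD5) -> bool:
    """True if the advisory lists `filename` for `release` with this MD5."""
    expected = table.get((release, filename))
    return expected is not None and actual_md5.lower() == expected


# apachectl dispatches on its argument with a shell `case`; the SSL start
# branch is the label the original post names (startssl / sslstart /
# start-SSL). Match any case label that starts with "startssl".
_STARTSSL_LABEL = re.compile(r"^\s*startssl(?:\|[\w-]+)*\)", re.MULTILINE)


def supports_startssl(script_text: str) -> bool:
    return _STARTSSL_LABEL.search(script_text) is not None


# Constructed, stripped-down apachectl fragments for the demonstration.
APACHECTL_WITH_SSL = """\
case $ARG in
start)
    $HTTPD
    ;;
startssl|sslstart|start-SSL)
    $HTTPD -DSSL
    ;;
esac
"""
APACHECTL_WITHOUT_SSL = APACHECTL_WITH_SSL.replace(
    "startssl|sslstart|start-SSL)\n    $HTTPD -DSSL\n    ;;\n", "")


if __name__ == "__main__":
    # Usage: python3 check_upgrade.py <release> <package.tgz> [apachectl]
    if len(sys.argv) < 3:
        sys.exit("usage: check_upgrade.py <release> <package.tgz> [apachectl]")
    release, package = sys.argv[1], sys.argv[2]
    ok = digest_matches_advisory(md5_of_file(package), release, Path(package).name)
    print(f"{package}: {'MD5 matches advisory' if ok else 'MD5 MISMATCH, do not install'}")
    if len(sys.argv) > 3:
        text = Path(sys.argv[3]).read_text()
        state = "present" if supports_startssl(text) else "MISSING"
        print(f"{sys.argv[3]}: startssl case {state}")
```

A matching MD5 shows the download is the file the advisory describes; what ties those sums to the Slackware security team is the PGP signature on the advisory itself (the key is at the http://slackware.com/gpg-key URL given above), so the signature is the thing to verify first. Running the startssl check on the archived pre-upgrade script and again on the new one tells you at once whether the case that the post says was dropped has to be cloned back in.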