From: Ozhan Karaman (ozi@bodrum.yore.com.tr)
Date: Wed 18 Oct 2000 - 16:15:02 EEST
----- Original Message -----
From: Slackware Security Team <security@slackware.com>
To: <slackware-security@slackware.com>
Sent: Monday, October 16, 2000 9:29 PM
Subject: [slackware-security] Apache 1.3.14 available
> Several security problems have been found in the Apache web server
> software. It is recommended that all users of Apache upgrade to the
> latest stable release to fix these problems.
>
> Apache is included in our N software series in the apache.tgz package. A
> new apache.tgz package including Apache 1.3.14 is available in the
> Slackware -current tree. All users of Slackware 7.0, 7.1, and -current
> are urged to upgraded to this package.
>
>
> =========================================
> apache 1.3.14 AVAILABLE - (n1/apache.tgz)
> =========================================
>
> The following security problems have been fixed with the release of
> Apache 1.3.14:
>
> * A problem with the Rewrite module, mod_rewrite, allowed access to
> any file on the web server under certain circumstances.
>
> * The handling of Host: headers in mass virtual hosting
configurations,
> mod_vhost_alias, could allow access to any file on the server.
>
> * If a cgi-bin directory is under the document root, the source to
> the scripts inside it could be sent if using mass virtual hosting.
>
> The new Slackware apache.tgz package can be downloaded from the
> -current branch:
>
>
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/apache.t
gz
>
> This package is *ONLY* for users of Slackware 7.0 and higher. All
> users of Slackware 7.0 and higher that use Apache are urged to upgrade
> to this new package.
>
> For verification purposes, we provide the following checksums:
>
> 16-bit "sum" checksum:
> 36187 2184 n1/apache.tgz
>
> 128-bit MD5 message digest:
> 42cabff64514457bf9e81e55decda9fe n1/apache.tgz
>
> Installation instructions for the apache.tgz package:
>
> Make sure Apache is not running:
>
> # /var/lib/apache/sbin/apachectl stop
>
> Upgrade the package:
>
> # upgradepkg apache.tgz
>
> Restart Apache:
>
> # /etc/rc.d/rc.httpd
>
>
> You should definitely backup your Apache configuration files and data, as
> upgrading this package will overwrite them with the defaults in the
> package.
>
> - Slackware Linux Security Team
> http://www.slackware.com
>
> +------------------------------------------------------------------------+
> | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
> +------------------------------------------------------------------------+
> | Send an email to majordomo@slackware.com with this text in the body of |
> | the email message: |
> | |
> | unsubscribe slackware-security |
> | |
> | You will get a confirmation message back. Follow the instructions to |
> | complete the unsubscription. Do not reply to this message to |
> | unsubscribe! |
> +------------------------------------------------------------------------+
>
>
Listeden cikmak icin:
unsub linux
mesajini listeci@bilkent.edu.tr adresine gonderiniz.
Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin.
Listeci arayuzu: http://listweb.bilkent.edu.tr/yardim/bilkent/linux.html
Liste arsivinin adresi: http://listweb.bilkent.edu.tr/