[Bluewhite64 Linux Security] httpd [BW64SA:20090804-02]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New httpd packages are available for Bluewhite64 Linux 12.0, 12.1, 12.2, and -current
to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956



Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/httpd-2.2.12-x86_64-1.tgz: Upgraded.
  This update fixes some security issues (from the CHANGES file):
  *) SECURITY: CVE-2009-1891 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_deflate or other
     modules, by forcing the server to consume CPU time in compressing a
     large file after a client disconnects. PR 39605.
     [Joe Orton, Ruediger Pluem]
  *) SECURITY: CVE-2009-1195 (cve.mitre.org)
     Prevent the "Includes" Option from being enabled in an .htaccess
     file if the AllowOverride restrictions do not permit it.
     [Jonathan Peatfield, Joe Orton,
     Ruediger Pluem, Jeff Trawick]
  *) SECURITY: CVE-2009-1890 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_proxy in a
     reverse proxy configuration, where a remote attacker can force a
     proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
     mod_proxy_ajp: Avoid delivering content from a previous request which
     failed to send a request body. PR 46949 [Ruediger Pluem]
  *) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
  [*** Security fix ***]



Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/httpd-2.2.12-x86_64-1.tgz

For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/httpd-2.2.12-x86_64-1.tgz

For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/httpd-2.2.12-x86_64-1.tgz

For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/httpd-2.2.12-x86_64-1.txz

Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.


MD5 signatures:
- ----------------
Bluewhite64 12.0 package:
f434029eb810570e691866a6ec7a13ef httpd-2.2.12-x86_64-1.tgz

Bluewhite64 12.1 package:
b33e26eff822262cc141cd66a1f48ab4 httpd-2.2.12-x86_64-1.tgz

Bluewhite64 12.2 package:
13f9776e1d74e8669435eaf94598aae9 httpd-2.2.12-x86_64-1.tgz

Bluewhite64 -current package:
83ab1fdf0c34798f135da688b3ef6d7c httpd-2.2.12-x86_64-1.txz


Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg httpd-2.2.12-x86_64-1.tgz

Restart the httpd server using the following command:

/etc/rc.d/rc.httpd restart


- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key

security©bluewhite64.com





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp4DK4ACgkQpTOsxuDdlY5YoQCfSrwD3kJ4EW2GYMh1QTwWrkup
kfsAn2AcNZhtxL+a1DRicQ/vIZgIOMk8
=nDoY
-----END PGP SIGNATURE-----
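
The "MD5 signatures" and "Installation instructions" sections above describe a download, check, upgrade sequence. The script below is an added example, not part of the advisory or of Bluewhite64's tooling: it reads the expected hash for one release out of a saved copy of the advisory and compares it with the downloaded package before anything is installed. The function names and the script file name are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are assumptions.
# Assumes the advisory is saved as a text file whose PGP signature was
# already checked (gpg --verify); the MD5 values are only as trustworthy
# as that signature.

# expected_md5 ADVISORY RELEASE
# Print the hash listed under "Bluewhite64 RELEASE package:" inside the
# "MD5 signatures:" section; print nothing if the release is not listed.
expected_md5() {
    awk -v want="Bluewhite64 $2 package:" '
        { sub(/[ \t\r]+$/, "") }                     # tolerate trailing blanks
        /^MD5 signatures:/            { in_md5 = 1; next }
        /^Installation instructions:/ { in_md5 = 0 }
        in_md5 && $0 == want          { hit = 1; next }
        in_md5 && hit && NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            print $1; exit
        }
        in_md5 && hit && NF > 0       { exit }       # label not followed by a hash
    ' "$1"
}

# verify_pkg ADVISORY RELEASE PACKAGE
# Return 0 only when PACKAGE hashes to the value listed for RELEASE.
# 12.0, 12.1 and 12.2 share one file name but have different hashes,
# so the release must be given explicitly.
verify_pkg() {
    want=$(expected_md5 "$1" "$2")
    [ -n "$want" ] || { echo "no MD5 for release '$2' in $1" >&2; return 2; }
    [ -f "$3" ]    || { echo "package not found: $3" >&2; return 2; }
    have=$(md5sum < "$3" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK: $3 matches the advisory MD5 for $2"
    else
        echo "MISMATCH: $3 is $have, advisory lists $want" >&2
        return 1
    fi
}

# Usage: sh verify-httpd.sh advisory.txt 12.2 httpd-2.2.12-x86_64-1.tgz
if [ "$#" -eq 3 ]; then
    verify_pkg "$1" "$2" "$3" || exit $?
    echo "Now, as root: upgradepkg $3 && /etc/rc.d/rc.httpd restart"
fi
```

A non-zero exit status means the package should not be passed to upgradepkg: status 1 is a hash mismatch, status 2 means the release or the file was not found.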