Slackware Security Advisories [2011-05-27] (apr/apr-util, httpd, bind)
[slackware-security] apr/apr-util (SSA:2011-145-01)
New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue in apr and
a crash bug in apr-util.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.5-i486-1_slack13.37.txz: Upgraded.
This fixes a possible denial of service due to a problem with a loop in
the new apr_fnmatch() implementation consuming CPU.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928
(* Security fix *)
patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz: Upgraded.
Fix crash because of NULL cleanup registered by apr_ldap_rebind_init().
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! 
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.5-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.12-i486-1_slack11.0.tgz
Updated packages for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.5-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.12-i486-1_slack12.0.tgz
Updated packages for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.5-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.12-i486-1_slack12.1.tgz
Updated packages for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.4.5-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.12-i486-1_slack12.2.tgz
Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-1.4.5-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.3.12-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-1.4.5-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.3.12-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-1.4.5-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.3.12-i486-1_slack13.1.txz
Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-1.4.5-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.3.12-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-1.4.5-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.3.12-x86_64-1_slack13.1.txz
Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-1.4.5-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.3.12-x86_64-1_slack13.37.txz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.4.5-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.12-i486-1.txz
Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.4.5-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.12-x86_64-1.txz
+--------------------------------------+
[slackware-security] httpd (SSA:2011-145-02)
New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
13.37, and -current to fix accidental ABI breakage caused by httpd-2.2.18.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/httpd-2.2.19-i486-1_slack13.37.txz: Upgraded.
Revert ABI breakage in 2.2.18 caused by the function signature change
of ap_unescape_url_keep2f(). This release restores the signature from
2.2.17 and prior, and introduces ap_unescape_url_keep2f_ex().
Apache httpd-2.2.18 is considered abandoned. All users must upgrade.
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.19-i486-1_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.19-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.19-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.19-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.19-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.19-i486-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.19-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.19-x86_64-1_slack13.1.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.19-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.19-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.19-x86_64-1.txz
+--------------------------------------------------+
[slackware-security] bind (SSA:2011-147-01)
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,
11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/bind-9.7.3_P1-i486-1_slack13.37.txz: Upgraded.
This release fixes security issues:
* A large RRSET from a remote authoritative server that results in
the recursive resolver trying to negatively cache the response can
hit an off by one code error in named, resulting in named crashing.
[RT #24650] [CVE-2011-1910]
* Zones that have a DS record in the parent zone but are also listed
in a DLV and won't validate without DLV could fail to validate. [RT
#24631]
For more information, see:
http://www.isc.org/software/bind/advisories/cve-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4_ESV_R4_P1-i386-1_slack8.1.tgz
Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4_ESV_R4_P1-i386-1_slack9.0.tgz
Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack9.1.tgz
Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack10.0.tgz
Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack10.1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack10.2.tgz
Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack12.0.tgz
Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack12.1.tgz
Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack12.2.tgz
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.4_ESV_R4_P1-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.4_ESV_R4_P1-i486-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.3_P1-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.4_ESV_R4_P1-x86_64-1_slack13.1.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.3_P1-x86_64-1_slack13.37.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.3_P1-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.3_P1-x86_64-1.txz
Featuring
Blogroll
Kategori
- Aplikasi (2)
- POS (2)
- Linux (3)
- News (1)
- Social Network (1)
- Tips & Trik (1)
- Uncategorized (1)
- Web Design (1)
Recent Posts
- Aplikasi SPA/SALON dari SLEKI akan segera hadir
- Slackware Security Advisories [2011-05-27] (apr/apr-util, httpd, bind)
- Slackware 13.37 is released!
- Lite POS 1.02 (update only)
- Pembuatan website perusahaan/personal, e-commerce dan lain sebagainya
StievenK
- Press Release: PF-PPWI Sulawesi Utara stieven
- Whitney Houston meninggal di usia 48 tahun (Dead at 48) stieven
- Nikon D800 stieven
- Festival Budaya 2012: Kuncikan Figura dan Perayaan Cap Go Meh stieven
- Sunset Journey Never End: My sister's Pre-Wedding Phothshot stieven
- Sunset Journet Never End: Kembali ke tempat yang dilupakan stieven
- New Firmware untuk DSL-526B h/w T stieven
- Sunset Journey Never End: Tempat favorit yang dilupakan stieven
- Sunset Journey Never End: Kuala Jengki, Mc Donald stieven
- Tips Fotografi High-Key dilatar belakang yang tidak benar-benar putih stieven