Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2002-0731131128
HistoryJul 31, 2002 - 1:11 p.m.

Security updates for Slackware 8.1

2002-07-3113:11:28
Slackware Linux Project
www.slackware.com
44

0.012 Low

EPSS

Percentile

83.5%

JSON

Several security updates are now available for Slackware 8.1, including
updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php.

Here are the details from the Slackware 8.1 ChangeLog:

Tue Jul 30 19:45:52 PDT 2002
patches/packages/apache-1.3.26-i386-2.tgz: Upgraded the included libmm
to version 1.2.1. Versions of libmm earlier than 1.2.0 contain a tmp file
vulnerability which may allow the local Apache user to gain privileges via
temporary files or symlinks. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
This was also recompiled using EAPI patch from mod_ssl-2.8.10_1.3.26.
(* Security fix )
patches/packages/glibc-2.2.5-i386-3.tgz: Patched to fix a buffer overflow
in glibc’s DNS resolver functions that look up network addresses.
Another workaround for this problem is to edit /etc/nsswtich.conf changing:
networks: files dns
to:
networks: files
( Security fix )
patches/packages/glibc-solibs-2.2.5-i386-3.tgz: Patched to fix a buffer
overflow in glibc’s DNS resolver functions that look up network addresses.
( Security fix )
patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz: This update fixes an
off-by-one error in earlier versions of mod_ssl that may allow local users to
execute code as the Apache user. For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653
( Security fix )
patches/packages/openssh-3.4p1-i386-2.tgz: Recompiled against openssl-0.9.6e.
This update also contains a fix to the installation script to ensure that the
sshd privsep user is correctly created.
patches/packages/openssl-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e, which
fixes 4 potentially remotely exploitable bugs. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
( Security fix )
patches/packages/openssl-solibs-0.9.6e-i386-1.tgz: Upgraded to openssl-0.9.6e,
which fixes 4 potentially remotely exploitable bugs. For details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
( Security fix )
patches/packages/php-4.2.2-i386-1.tgz: Upgraded to php-4.2.2. Earlier versions
of PHP 4.2.x contain a security vulnerability, which although not currently
considered exploitable on the x86 architecture is probably still a good to
patch. For details, see: http://www.cert.org/advisories/CA-2002-21.html
( Security fix *)

WHERE TO FIND THE NEW PACKAGES:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/apache-1.3.26-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/glibc-solibs-2.2.5-i386-3.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/mod_ssl-2.8.10_1.3.26-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-3.4p1-i386-2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6e-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.2.2-i386-1.tgz

MD5 SIGNATURES:

Here are the md5sums for the packages:
9af3e989fb581fbb29cf6b2d91b1a921 apache-1.3.26-i386-2.tgz
d159bf51306def68f9d28ef5bed06e52 glibc-2.2.5-i386-3.tgz
0b5414fbecbb7aace3593cdfeecba907 glibc-solibs-2.2.5-i386-3.tgz
aaa5a61ff4600d415cf583dab9fbd0a0 mod_ssl-2.8.10_1.3.26-i386-1.tgz
ea0ee4aac4b28ab3f8ed2190e7b3a7d8 openssh-3.4p1-i386-2.tgz
88f32f01ce855d4363bc71899404e2db openssl-0.9.6e-i386-1.tgz
c20073efd9e3847bfa28da9d614e1dcd openssl-solibs-0.9.6e-i386-1.tgz
032bc53692b721ecec80d69944112ea1 php-4.2.2-i386-1.tgz

INSTALLATION INSTRUCTIONS:

Upgrade existing packages using the upgradepkg command:

 > upgradepkg apache-1.3.26-i386-2.tgz glibc-2.2.5-i386-3.tgz \
 glibc-solibs-2.2.5-i386-3.tgz mod_ssl-2.8.10_1.3.26-i386-1.tgz \
 openssh-3.4p1-i386-2.tgz openssl-0.9.6e-i386-1.tgz \
 openssl-solibs-0.9.6e-i386-1.tgz php-4.2.2-i386-1.tgz

If the packages have not been previously installed, either use the
installpkg command, or the --install-new option with upgradepkg.

Finally, if your site runs Apache it will need to be restarted:

 > apachectl restart

Related

slackware 1
nessus 21
suse 2
openvas 8
cert 8
osv 3
cve 3
openssl 1
redhat 1
packetstorm 1
debiancve 2
debian 5
securityvulns 2
f5 1
slackware
slackware
SSA-2002-0731201128
2002-07-31 20:11:28
nessus
nessus
SSA-18706 Security updates for Slackware 8.1
2005-07-13 00:00:00
RHEL 2.1 : mod_ssl (RHSA-2002:136)
2004-07-06 00:00:00
Apache mod_ssl ssl_compat_directive Function Overflow
2002-07-02 00:00:00
suse
suse
local privilege escalation in mod_ssl, mm
2002-07-31 16:22:10
buffer overflow in openssl/Slapper worm
2002-09-20 07:48:45
openvas
openvas
mod_ssl off by one
2005-11-03 00:00:00
Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
2008-01-17 00:00:00
Apache HTTP Server 'mod_ssl' Off By One Vulnerability
2005-11-03 00:00:00
cert
cert
Buffer Overflow in mod_ssl
2003-04-17 00:00:00
Integer overflow in xdr_array() function when deserializing the XDR stream
2002-08-01 00:00:00
Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
2002-08-12 00:00:00
osv
osv
libapache-mod-ssl -- buffer overflow / DoS
2002-07-02 00:00:00
mm - insecure temporary files
2002-07-30 00:00:00
openssl - multiple remote exploits
2002-07-30 00:00:00
cve
cve
CVE-2002-0653
2002-07-11 04:00:00
CVE-2002-0659
2002-08-12 04:00:00
CVE-2002-0658
2002-08-12 04:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2002-0659
2002-07-30 00:00:00
redhat
redhat
(RHSA-2002:161) openssl security update
2003-02-06 00:00:00
packetstorm
packetstorm
opensslrv.txt
2002-07-31 00:00:00
debiancve
debiancve
CVE-2002-0659
2002-08-12 04:00:00
CVE-2002-0658
2002-08-12 04:00:00
debian
debian
[SECURITY] [DSA 137-1] New mm packages fix insecure temporary file creation
2002-07-30 17:21:44
[SECURITY] [DSA 137-1] New mm packages fix insecure temporary file creation
2002-07-30 17:21:44
[SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
2002-09-15 00:00:00
securityvulns
securityvulns
RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code
2002-08-08 00:00:00
Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL
2002-07-31 00:00:00
f5
f5
K000138057 : mod_ssl vulnerabilities CVE-2002-1157 and CVE-2002-0653
2023-12-27 00:00:00

0.012 Low

EPSS

Percentile

83.5%

JSON
Related for SSA-2002-0731131128
slackware1nessus21suse2openvas8cert8osv3cve3openssl1redhat1packetstorm1debiancve2debian5securityvulns2f51