Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2009-214-01
HistoryAug 02, 2009 - 3:33 p.m.

httpd

2009-08-0215:33:03
Slackware Linux Project
www.slackware.com
29

0.084 Low

EPSS

Percentile

93.8%

JSON

New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current
to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956

Here are the details from the Slackware 12.2 ChangeLog:

patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz: Upgraded.
This update fixes some security issues (from the CHANGES file):
*) SECURITY: CVE-2009-1891 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects. PR 39605.
[Joe Orton, Ruediger Pluem]
*) SECURITY: CVE-2009-1195 (cve.mitre.org)
Prevent the "Includes" Option from being enabled in an .htaccess
file if the AllowOverride restrictions do not permit it.
[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
Ruediger Pluem, Jeff Trawick]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]
) SECURITY: CVE-2009-0023, CVE-2009-1955, CVE-2009-1956 (cve.mitre.org)
The bundled copy of the APR-util library has been updated, fixing three
different security issues which may affect particular configurations
and third-party modules.
These last three CVEs were addressed in Slackware previously with an
update to new system apr and apr-util packages.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
( Security fix *)

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.12-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.12-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.12-i486-1_slack12.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.12-i486-1.txz

Updated package for Slackware64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.12-x86_64-1.txz

MD5 signatures:

Slackware 12.0 package:
1ef7c8d65f8d7398abfcde3dd46aed7f httpd-2.2.12-i486-1_slack12.0.tgz

Slackware 12.1 package:
349f4437fb4c2573a134c3485dda0265 httpd-2.2.12-i486-1_slack12.1.tgz

Slackware 12.2 package:
253406ed8801276a635008d7749db55f httpd-2.2.12-i486-1_slack12.2.tgz

Slackware -current package:
4a2ffd0ef9184fed93f651b83f6eaf6a httpd-2.2.12-i486-1.txz

Slackware64 -current package:
560b607f09a934a46fc3112a2659b06b httpd-2.2.12-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg httpd-2.2.12-i486-1_slack12.2.tgz

Then, restart the httpd server.

Related

nessus 50
freebsd 2
openvas 89
altlinux 3
ubuntu 4
gentoo 2
fedora 4
redhat 6
centos 3
securityvulns 4
oraclelinux 3
slackware 1
debian 3
osv 2
suse 1
seebug 4
prion 3
veracode 1
debiancve 3
ubuntucve 2
cve 3
httpd 4
cbl_mariner 2
nessus
nessus
Apache 2.2.x < 2.2.12 Multiple Vulnerabilities
2009-08-02 00:00:00
Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)
2009-08-03 00:00:00
FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)
2009-08-25 00:00:00
freebsd
freebsd
apache22 -- several vulnerabilities
2009-07-28 00:00:00
apr -- multiple vulnerabilities
2009-06-05 00:00:00
openvas
openvas
Slackware Advisory SSA:2009-214-01 httpd
2012-09-11 00:00:00
Slackware: Security Advisory (SSA:2009-214-01)
2012-09-10 00:00:00
FreeBSD Ports: apache
2009-09-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2009-06-11 00:00:00
apr-util vulnerabilities
2009-06-10 00:00:00
Apache vulnerabilities
2009-07-13 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2009-07-12 00:00:00
APR Utility Library: Multiple vulnerabilities
2009-07-04 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11
2009-08-31 23:39:38
[SECURITY] Fedora 9 Update: apr-util-1.2.12-7.fc9
2009-06-24 19:32:52
[SECURITY] Fedora 11 Update: apr-util-1.3.7-1.fc11
2009-06-24 19:36:44
redhat
redhat
(RHSA-2009:1108) Moderate: httpd security update
2009-06-16 00:00:00
(RHSA-2009:1107) Moderate: apr-util security update
2009-06-16 00:00:00
(RHSA-2009:1156) Important: httpd security update
2009-07-14 00:00:00
centos
centos
apr security update
2009-06-19 09:53:07
httpd, mod_ssl security update
2009-06-17 14:02:38
httpd, mod_ssl security update
2009-07-14 12:16:38
securityvulns
securityvulns
Apache apr-util webDav DoS
2009-06-05 00:00:00
Apache DoS
2009-07-09 00:00:00
[ MDVSA-2009:149 ] apache
2009-07-09 00:00:00
oraclelinux
oraclelinux
httpd security update
2009-06-17 00:00:00
apr-util security update
2009-06-16 00:00:00
httpd security update
2009-07-09 00:00:00
slackware
slackware
apr-util
2009-06-16 17:40:37
debian
debian
[SECURITY] [DSA 1834-2] New apache/apache2-mpm-itk fix regression
2009-07-30 16:37:19
[SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
2009-07-15 19:01:57
[SECURITY] [DSA 1812-1] New apr-util packages fix several vulnerabilities
2009-06-04 19:22:36
osv
osv
apache2 apache2-mpm-itk - denial of service
2009-07-15 00:00:00
apr-util - several vulnerabilities
2009-06-04 00:00:00
suse
suse
potential code execution in apache2,libapr1
2009-10-26 13:21:56
seebug
seebug
Apache mod_proxy反向代理拒绝服务漏洞
2009-07-07 00:00:00
Apache mod_proxy_ajp信息泄露漏洞
2009-04-25 00:00:00
Apache APR-util库apr_strmatch_precompile()函数整数下溢漏洞
2009-06-09 00:00:00
prion
prion
Cross site request forgery (csrf)
2009-04-23 17:30:00
Heap overflow
2009-06-08 01:00:00
Code injection
2009-07-10 15:30:00
veracode
veracode
Information Disclosure
2020-04-10 00:38:15
debiancve
debiancve
CVE-2009-1191
2009-04-23 17:30:00
CVE-2009-1890
2009-07-05 16:30:00
CVE-2009-0023
2009-06-08 01:00:00
ubuntucve
ubuntucve
CVE-2009-0023
2009-06-08 00:00:00
CVE-2009-1191
2009-04-23 00:00:00
cve
cve
CVE-2009-1890
2009-07-05 16:30:00
CVE-2009-0023
2009-06-08 01:00:00
CVE-2009-1191
2009-04-23 17:30:00
httpd
httpd
Apache Httpd < 2.2.12 : mod_proxy_ajp information disclosure
2009-03-05 00:00:00
Apache Httpd < 2.0.64 : mod_deflate DoS
2009-06-26 00:00:00
Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS
2009-06-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-16 02:26:12
CVE-2009-1890 affecting package httpd 2.4.53-1
2022-11-24 00:45:35

0.084 Low

EPSS

Percentile

93.8%

JSON
Related for SSA-2009-214-01
nessus50freebsd2openvas89altlinux3ubuntu4gentoo2fedora4redhat6centos3securityvulns4oraclelinux3slackware1debian3osv2suse1seebug4prion3veracode1debiancve3ubuntucve2cve3httpd4cbl_mariner2