Lucene search

Slackware Linux ProjectSSA-2024-184-01

HistoryJul 02, 2024 - 7:38 p.m.

[slackware-security] httpd

2024-07-0219:38:48

Slackware Linux Project

www.slackware.com

slackware 15.0

slackware -current

httpd update

security fix

regression fix

apache

ftp hosting

osu open source lab

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

JSON

New httpd packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/httpd-2.4.60-i586-2_slack15.0.txz: Rebuilt.
This update is to fix a regression and to note security issues that were not
listed in the CHANGES file included with the source code.
Fixed a regression where a config file using AddType rather than AddHandler
could cause raw PHP files to be downloaded rather than processed.
Thanks to Nobby6.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.60
https://vulners.com/cve/CVE-2024-39573
https://vulners.com/cve/CVE-2024-38477
https://vulners.com/cve/CVE-2024-38476
https://vulners.com/cve/CVE-2024-38475
https://vulners.com/cve/CVE-2024-38474
https://vulners.com/cve/CVE-2024-38473
https://vulners.com/cve/CVE-2024-38472
https://vulners.com/cve/CVE-2024-36387
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.60-i586-2_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.60-x86_64-2_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.60-i586-2.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.60-x86_64-2.txz

MD5 signatures:

Slackware 15.0 package:
5f7180a311268d3249d7ae426caa04d5 httpd-2.4.60-i586-2_slack15.0.txz

Slackware x86_64 15.0 package:
c98b552d4a9532e071663814d81695c4 httpd-2.4.60-x86_64-2_slack15.0.txz

Slackware -current package:
148986bd904948f5208e56cc7fba415b n/httpd-2.4.60-i586-2.txz

Slackware x86_64 -current package:
d20a1b2e0183b8c47b6cde7fd1a2e24a n/httpd-2.4.60-x86_64-2.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg httpd-2.4.60-i586-2_slack15.0.txz

Then, restart Apache httpd:

> /etc/rc.d/rc.httpd stop
> /etc/rc.d/rc.httpd start

OSVersionArchitecturePackageVersionFilename
Slackware15.0i586httpd< 2.4.60httpd-2.4.60-i586-2_slack15.0.txz
Slackware15.0x86_64httpd< 2.4.60httpd-2.4.60-x86_64-2_slack15.0.txz
Slackwarecurrenti586httpd< 2.4.60httpd-2.4.60-i586-2.txz
Slackwarecurrentx86_64httpd< 2.4.60httpd-2.4.60-x86_64-2.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	15.0	i586	httpd	< 2.4.60	httpd-2.4.60-i586-2_slack15.0.txz
Slackware	15.0	x86_64	httpd	< 2.4.60	httpd-2.4.60-x86_64-2_slack15.0.txz
Slackware	current	i586	httpd	< 2.4.60	httpd-2.4.60-i586-2.txz
Slackware	current	x86_64	httpd	< 2.4.60	httpd-2.4.60-x86_64-2.txz