[slackware-security]  httpd (SSA:2013-062-01)

New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.4-i486-1_slack14.0.txz:  Upgraded.
  This update provides bugfixes and enhancements.
  Two security issues are fixed:
  *  Various XSS flaws due to unescaped hostnames and URIs HTML output in
     mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
     [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
  *  XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
     Niels Heinen <heinenn google com>]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.24-i4
86-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.24-i4
86-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.24-i4
86-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.24-
x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.24-i4
86-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.24-
x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.24-i
486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.24
-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.4-i48
6-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.4-x
86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.4-i486-
1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.4-x
86_64-1.txz


MD5 signatures:
+-------------+

Slackware 12.1 package:
cdc26999b5fd2787f1eaef285dad47bc  httpd-2.2.24-i486-1_slack12.1.tgz

Slackware 12.2 package:
7671b12ad7b163c1aba0fb7278349c0d  httpd-2.2.24-i486-1_slack12.2.tgz

Slackware 13.0 package:
5ca815faf37f28c2e365f47643d7b9a4  httpd-2.2.24-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
715fa297d5451dafdbe1b296565b3a08  httpd-2.2.24-x86_64-1_slack13.0.txz

Slackware 13.1 package:
4246568ea7eada4c3c4dc6bd95464784  httpd-2.2.24-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
2ee64f87af8563132fccfe53e9f0f4c9  httpd-2.2.24-x86_64-1_slack13.1.txz

Slackware 13.37 package:
252c123e2a3c03aff1aa2112050de945  httpd-2.2.24-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
9a5fcc681c89c131478910d999e25170  httpd-2.2.24-x86_64-1_slack13.37.txz

Slackware 14.0 package:
32d6ffa35ea58aaf4d9e325b857c4e11  httpd-2.4.4-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
889197760474094bce962f900f5258b1  httpd-2.4.4-x86_64-1_slack14.0.txz

Slackware -current package:
ae7a5606e6ec97ec74ab64bf7cde5c03  n/httpd-2.4.4-i486-1.txz

Slackware x86_64 -current package:
09c32bd3fef0741e0743c0590e72f9d2  n/httpd-2.4.4-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg httpd-2.4.4-i486-1_slack14.0.txz

Then, restart Apache httpd:

# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

IT security jobs: What's in demand and how to meet it

Posted on 15 May 2013.  |  Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.

Is Microsoft is reading your Skype communications?

Posted on 15 May 2013.  |  The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.

Internet Explorer best at blocking malware

Posted on 14 May 2013.  |  While Chrome’s malware download protection improved significantly, Internet Explorer 10 continues to outperform the other browsers with a block rate of 99.96%.

Researcher refuses to help Saudi telco to spy on people

Posted on 14 May 2013.  |  You would think that a Saudi Arabian telecom firm interested in monitoring its users' mobile communications would not be asking a well-known pro-privacy researcher for help, but you would be wrong.

Malicious browser extensions are hijacking Facebook accounts

Posted on 13 May 2013.  |  Facebook users - especially those in Brazil - are being targeted with malicious browser extensions trying to hijack Facebook profiles, warns Microsoft.