Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd redux (SSA:2006-130-01)

medium Nessus Plugin ID 21346

Synopsis

The remote Slackware host is missing a security update.

Description

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current (using an Include within a file already Included causes a crash), so better to patch it and reissue these packages just to be sure. My apologies if the last batch of updates caused anyone undue grief... they worked here with my (too simple?) config files. Note that if you use mod_ssl, you'll also require the mod_ssl package that was part of yesterday's release, and on -current you'll need the newest PHP package (if you use PHP). Thanks to Francesco Gringoli for bringing this issue to my attention.

Solution

Update the affected apache package.

See Also

http://www.nessus.org/u?269cdf3c

Plugin Details

Severity: Medium

ID: 21346

File Name: Slackware_SSA_2006-130-01.nasl

Version: 1.16

Type: local

Published: 5/13/2006

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:apache, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:10.0, cpe:/o:slackware:slackware_linux:10.1, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:8.1, cpe:/o:slackware:slackware_linux:9.0, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 5/10/2006

Reference Information

CVE: CVE-2005-3352

SSA: 2006-130-01