Upgrade httpd dan openssl

Submitted by michael on Thu, 11/03/2010 - 14:09

SitusIni

Upgrade httpd Apache ke versi 2.2.15 :) juga patch openssl dan openssl-solibs. Btw, jika scan server tertulis versi httpd 2.2.13 yang digunakan. Yach ! Itu kerja dari modsecurity yang berurusan dengan header versi httpd Apache.



patches/packages/httpd-2.2.15-x86_64-1_slack13.0.txz: Upgraded.

       This update addresses a few security issues.

       mod_ssl: A partial fix for the TLS renegotiation prefix injection attack

       by rejecting any client-initiated renegotiations.

       mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent

       when request headers indicate a request body is incoming; not a case of

       HTTP_INTERNAL_SERVER_ERROR.

       mod_isapi: Do not unload an isapi .dll module until the request processing

       is completed, avoiding orphaned callback pointers.

       [This is the most serious flaw, but does not affect Linux systems]

       For more information, see:

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

       (* Security fix *)

Add new comment

Navigation

MindBox

Upgrade httpd dan openssl