Slackware je izdao zakrpu koja ispravlja ranjivost paketa APR i APR-util, a uspješni napadač ju može iskoristiti za izvođenje DoS napada.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.4-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-1.4.4-i486-1_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/apr-util-1.3.11-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-1.4.4-i486-1_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.3.11-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-1.4.4-i486-1_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.3.11-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-1.4.4-i486-1_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.3.11-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-1.4.4-i486-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.3.11-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-1.4.4-x86_64-1_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.3.11-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-1.4.4-i486-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.3.11-i486-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-1.4.4-i486-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-1.4.4-x86_64-1_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.3.11-x86_64-1_slack13.1.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-1.4.4-x86_64-1_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.3.11-x86_64-1_slack13.37.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-1.4.4-i486-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.3.11-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-1.4.4-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.3.11-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 11.0 package:
0b18b21f2709e592f2d829323c8db2bd  apr-1.4.4-i486-1_slack11.0.tgz
6313ea5ec365a07c86eaaba2ae5a7696  apr-util-1.3.11-i486-1_slack11.0.tgz

Slackware 12.0 package:
b9b2c76b963a9dcba68c54172dbfd2e8  apr-1.4.4-i486-1_slack12.0.tgz
015ad6f362a378efd18f12cb9ecc7c9d  apr-util-1.3.11-i486-1_slack12.0.tgz

Slackware 12.1 package:
9e80da5d7f8f823a2ed9936b3cd0269b  apr-1.4.4-i486-1_slack12.1.tgz
00ab57f63b1c30c7cf6cfcea365badb1  apr-util-1.3.11-i486-1_slack12.1.tgz

Slackware 12.2 package:
aee097dbd39db150302d02f86d92609e  apr-1.4.4-i486-1_slack12.2.tgz
e61f61b8723bd06da8275e015ea03eac  apr-util-1.3.11-i486-1_slack12.2.tgz

Slackware 13.0 package:
023e7e77f01816d92a707546d570ec79  apr-1.4.4-i486-1_slack13.0.txz
e168ac8e42e201c7af87c3fd231ec95f  apr-util-1.3.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
7343a01be2f8a38118c75aa5133a7958  apr-1.4.4-x86_64-1_slack13.0.txz
458a11c15ed52db5b510c7d1aea065d5  apr-util-1.3.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
39a284a31204f0572d9e732df2e51c92  apr-1.4.4-i486-1_slack13.1.txz
fd264ef731d61afa627489dec1ed6d37  apr-util-1.3.11-i486-1_slack13.1.txz

Slackware 13.37 package:
2afbb475a8a0e4b5f48d42d2ba49a668  apr-1.4.4-i486-1_slack13.37.txz
a0e0f77943e718f26c448f7da7590406  apr-util-1.3.11-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
232289470e6486f08f7b9ee3755c055e  apr-1.4.4-x86_64-1_slack13.1.txz
777badbae85f141b55b370337967c55c  apr-util-1.3.11-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
9a2d329a4cdabb9369e9ed7e78cdffcf  apr-1.4.4-x86_64-1_slack13.37.txz
6ba07cc7e5cab3ac648d0012783fe455  apr-util-1.3.11-x86_64-1_slack13.37.txz

Slackware -current package:
4e010ab165a7504563f316db5b0e34ac  apr-1.4.4-i486-1.txz
7c4c1d8febf9e51a95b627e6631ea2b2  apr-util-1.3.11-i486-1.txz

Slackware x86_64 -current package:
5707d225f07da633c67773f6cc6d3fd6  apr-1.4.4-x86_64-1.txz
31d3ce32a2e964ab3128804077cdccd0  apr-util-1.3.11-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg apr-1.4.4-i486-1_slack13.37.txz
apr-util-1.3.11-i486-1_slack13.37.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite. with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3NltYACgkQakRjwEAQIjOUnACbB9llwKkkSgxxbyjtWFOTMFJQ
QgcAnjSSItf5HV5AKy5Aw5n2gWI2cb6u
=+kY4
-----END PGP SIGNATURE-----