[Cucumber-linux-security] apache (security update is available)

[Z5T1 <z5...@z5...>]

  Update Information

A security update is available for apache for the following versions of
Cucumber Linux:

  * 1.0.beta

Here are the details from the Cucumber 1.0.beta changelog:

+----------------+
Tue Jun 20 09:27:01 EDT 2017
net-general/apache upgraded from 2.4.25 to 2.4.26 to fix a few security
	vulnerabilities which (amongst other things) allowed for
	bypassing of the normal authentication requirements when third
	party modules called ap_get_basic_auth_pw() under certain
	circumstances (CVE-2017-3167). It also patches some
	vulnerabilties related to invalid memory access (CVE-2017-3169
	and CVE-2017-7679). For more information see:
		https://nvd.nist.gov/vuln/detail/CVE-2017-3169
		https://nvd.nist.gov/vuln/detail/CVE-2017-7679
		https://nvd.nist.gov/vuln/detail/CVE-2017-3167
		http://www-us.apache.org/dist//httpd/CHANGES_2.4.26
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure apache is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0.beta i686:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-i686/net-general/apache-2.4.26-i686-1.txz

Cucumber 1.0.beta x86_64:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0.beta/cucumber-x86_64/net-general/apache-2.4.26-x86_64-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):

# upgradepkg apache-2.4.26-i686-1.txz


------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php