[Cucumber-linux-security] apache (security update is available)
From: Scott C. <sc...@cu...> - 2019-01-25 18:36:14

Update Information

A security update is available for apache for the following versions of
Cucumber Linux:
  * 1.1

Here are the details from the Cucumber 1.1 changelog:
+----------------+
Fri Jan 25 13:16:00 EST 2019
net-general/apache upgraded from 2.4.37 to 2.4.38. This update fixes three
    security vulnerabilities:
    CVE-2018-17199: a vulnerability in mod_session_cookie that allowed for
    sessions to be reused.
    CVE-2018-17189: a vulnerability in mod_http2 that allowed for a denial of
    service by causing the httpd cleanup code to consume thread resources.
    CVE-2019-0190: a vulnerability in mod_ssl that allowed for a client to
    trigger an infinite loop in TLSv1.2 (or earlier) when using OpenSSL 1.1.1
    or later. As Cucumber Linux 1.1 uses OpenSSL 1.0.2, it is not clear
    whether this impacts Cucumber Linux 1.1.
    This update also includes several non-security upstream bug fixes.
    For more information see:
        http://www.apache.org/dist/httpd/CHANGES_2.4.38
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
        https://security.cucumberlinux.com/security/details.php?id=652
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
        https://security.cucumberlinux.com/security/details.php?id=653
        https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
        https://security.cucumberlinux.com/security/details.php?id=654
    * SECURITY FIX *
+----------------+

------------------------------------------------------------------------

CLD and CVE Information

This update is associated with the following Cucumber Linux Deficiency (CLD)
and CVE numbers:
  * CLD-652 [CVE-2018-17199] (https://security.cucumberlinux.com/security/details.php?id=652)
  * CLD-653 [CVE-2018-17189] (https://security.cucumberlinux.com/security/details.php?id=653)
  * CLD-654 [CVE-2019-0190] (https://security.cucumberlinux.com/security/details.php?id=654)

More information about these CLDs can be found at their respective pages on
the Cucumber Linux Security Advisory Tracker (these are the URLs in
parentheses above).

------------------------------------------------------------------------

Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

    # pickle --update
    # pickle

Make sure apache is selected on the update list, and then select Ok. Pickle
will then install the updated package.

If you prefer to download the updated package manually, it can be found on
the mirror at http://mirror.cucumberlinux.com/cucumber/.

------------------------------------------------------------------------

The Cucumber Linux Security Team
cuc...@li...
https://www.cucumberlinux.com/security.php