Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-13.0 ChangeLog (2010-03-08) ====== ====== Mon Mar 8 20:49:02 UTC 2010 ====== ===== Packages ===== ==== Upgraded ==== * [[slackware.13.0>patches/packages/httpd-2.2.15-i486-1_slack13.0.txz]] \\ This update addresses a few security issues. \\ mod_ssl: A partial fix for the TLS renegotiation prefix injection attack \\ by rejecting any client-initiated renegotiations. \\ mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent \\ when request headers indicate a request body is incoming; not a case of \\ HTTP_INTERNAL_SERVER_ERROR. \\ mod_isapi: Do not unload an isapi .dll module until the request processing \\ is completed, avoiding orphaned callback pointers. \\ [This is the most serious flaw, but does not affect Linux systems] \\ For more information, see: \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408 \\ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 \\ (* Security fix *) {{tag>slackware changelog slackware-13.0 2010-03}} news/2010/03/08/slackware-13.0-changelog.txt Last modified: 6 months agoby Giuseppe Di Terlizzi Log In