HTTPD Update for Slackware
The Slackware team has released updated HTTPD packages for both Slackware 15.0 and the -current branch to address several critical security vulnerabilities.
Key Updates
- Package Information: The updated package is labeled httpd (SSA:2025-204-01) and includes version 2.4.65 for both i586 and x86_64 architectures.
- Fixed Security Issues: The release addresses various vulnerabilities:
  - Denial of Service (DoS) due to memory increase in HTTP/2.
  - TLS upgrade attack vulnerabilities in mod_ssl.
  - Denial of service issues with mod_proxy_http2.
  - Access control bypass in mod_ssl using session resumption.
  - Error log variable escaping in mod_ssl.
  - Server-Side Request Forgery (SSRF) vulnerabilities affecting Windows systems and mod_headers.
  - Potential HTTP response splitting issues.
Security References
For a comprehensive list of the issues addressed, you can refer to the following CVE records:
- [CVE-2025-53020](https://www.cve.org/CVERecord?id=CVE-2025-53020)
- [CVE-2025-49812](https://www.cve.org/CVERecord?id=CVE-2025-49812)
- [CVE-2025-49630](https://www.cve.org/CVERecord?id=CVE-2025-49630)
- [CVE-2025-23048](https://www.cve.org/CVERecord?id=CVE-2025-23048)
- [CVE-2024-47252](https://www.cve.org/CVERecord?id=CVE-2024-47252)
- [CVE-2024-43394](https://www.cve.org/CVERecord?id=CVE-2024-43394)
- [CVE-2024-43204](https://www.cve.org/CVERecord?id=CVE-2024-43204)
- [CVE-2024-42516](https://www.cve.org/CVERecord?id=CVE-2024-42516)
Download Links
The new packages can be found at the following locations:
- For Slackware 15.0 (i586): [httpd-2.4.65-i586-1_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/httpd-2.4.65-i586-1_slack15.0.txz)
- For Slackware 15.0 (x86_64): [httpd-2.4.65-x86_64-1_slack15.0.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/httpd-2.4.65-x86_64-1_slack15.0.txz)
- For Slackware -current (i686): [httpd-2.4.65-i686-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.65-i686-1.txz)
- For Slackware -current (x86_64): [httpd-2.4.65-x86_64-1.txz](ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.65-x86_64-1.txz)
MD5 Signatures
To verify the integrity of the downloaded packages, here are the MD5 signatures:
- Slackware 15.0 (i586): `ebf0c0bea8b1ba4389ed9aa6dbbc575e`
- Slackware 15.0 (x86_64): `3b07387d6b74a6c5683cb71a2064168d`
- Slackware -current (i686): `2be9cb57b63487d6759844f85287234e`
- Slackware -current (x86_64): `98bc490f1760d137a16647e3374de7ce`
Installation Instructions
To upgrade the package, execute the following commands as root:
1. Upgrade the package:
```bash
upgradepkg httpd-2.4.65-i586-1_slack15.0.txz
```
2. Restart the Apache server:
```bash
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
```
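The checksum and upgrade steps above can be combined so that `upgradepkg` only runs on a file whose MD5 matches the value listed in this advisory. This script is an added example, not part of the Slackware advisory; the function names are hypothetical, and it assumes `md5sum` and `awk` are on the PATH.

```shell
#!/bin/sh
# Added example: verify a downloaded httpd package against the MD5 values
# listed in this advisory before handing it to upgradepkg.

# Expected MD5 for each package file name, copied from the advisory text.
expected_md5() {
    case "$(basename "$1")" in
        httpd-2.4.65-i586-1_slack15.0.txz)   echo ebf0c0bea8b1ba4389ed9aa6dbbc575e ;;
        httpd-2.4.65-x86_64-1_slack15.0.txz) echo 3b07387d6b74a6c5683cb71a2064168d ;;
        httpd-2.4.65-i686-1.txz)             echo 2be9cb57b63487d6759844f85287234e ;;
        httpd-2.4.65-x86_64-1.txz)           echo 98bc490f1760d137a16647e3374de7ce ;;
        *) return 1 ;;   # not a package named in this advisory
    esac
}

# check_md5 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = file missing.
check_md5() {
    [ -f "$1" ] || return 2
    actual=$(md5sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# verify_pkg FILE: 0 = match, 1 = mismatch, 2 = missing file, 3 = unknown name.
verify_pkg() {
    want=$(expected_md5 "$1") || return 3
    check_md5 "$1" "$want"
}

# safe_upgrade FILE: upgrade and restart httpd only after verification passes.
safe_upgrade() {
    verify_pkg "$1" || { echo "refusing to install $1 (verify_pkg=$?)" >&2; return 1; }
    upgradepkg "$1" || return 1
    /etc/rc.d/rc.httpd stop
    /etc/rc.d/rc.httpd start
}

# Run only when a package path is given, e.g.:
#   sh verify-httpd.sh ./httpd-2.4.65-x86_64-1_slack15.0.txz
if [ "$#" -gt 0 ]; then
    safe_upgrade "$1"
fi
```

An MD5 match only shows that the file agrees with the value listed here; the detached `.asc` GPG signature that Slackware publishes beside each package is the stronger check.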
Acknowledgments
Special thanks to the OSU Open Source Lab for providing FTP and rsync hosting to the Slackware project. For more information, visit [slackware.com](http://slackware.com).

As a reminder, users should always keep their systems updated to safeguard against vulnerabilities. Regularly check for updates and apply them promptly to ensure your system remains secure.