| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000001c500d1$eeec5e00$0100a8c0@hubercomp.local>
Date: Sat, 22 Jan 2005 23:30:10 +0100
From: "Martin Pitt" <martin.pitt@...onical.com>
To: <huber@...t.webmailer.de>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [sb] [USN-65-1] Apache utility script vulnerability
===========================================================
Ubuntu Security Notice USN-65-1 January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
apache-utils
The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Javier Fernández-Sanguino Peña noticed that the "check_forensic"
script created temporary files in an insecure manner. This could
allow a symbolic link attack to create or overwrite arbitrary files
with the privileges of the user invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.diff.gz
Size/MD5: 369655 7ec465eece404f6ddd1d45a8292b1fe6
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.dsc
Size/MD5: 1102 9165d920ac5f269f5abf886ee392613c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.4_all.deb
Size/MD5: 329424 f05e89912051a57e3a0f4b439d813bcf
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.4_all.deb
Size/MD5: 1186432 b7490f2099b1bd5b512cb2dba9fc3fcf
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 873090 4de4ad38fa7021c3666349134f3f3939
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 9131010 8dfb8f02f5cd07223069a08c3156a015
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 520354 81033c5317f6d50b69a796df54f56f90
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 510288 f986a142140d051b3d2590e7add86a54
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 271078 bcb58f9b5a102f4109a0e6bd7b80a1c1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_amd64.deb
Size/MD5: 397916 6f039537fd6365bd5627a6004f445e45
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_amd64.deb
Size/MD5: 491306 86f3c435f888d78e6a03456af0eb7101
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 838326 6e8c39afade6e140502592602c180f81
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 9080282 3555a952ded8b3370691d8585163587a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 494050 62489a77ba210430b8803aea05be968c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 483720 5cc3c2014e2b30b1a0906c2748d6bef3
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 264974 65e6aed85dd4ac7c1485f8eae951788f
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_i386.deb
Size/MD5: 377152 55d3b656566987d140d2677d1c0de61c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_i386.deb
Size/MD5: 484640 da71290705c6f6f6faf1d6dc254bf4a6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 917362 652d1cd08236a6557e44d87b67e4dd16
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 9225702 033e91323439c25a000b604423d71d46
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 511036 e66e2283e7a70758989198fbf9ebb613
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 506852 a8bd4a1633e5d6c8ba51d01134fee992
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 278286 b25fd9ebbeeafeeb3867828251218d08
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 395396 4eafd593de2508a0c574929718476320
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_powerpc.deb
Size/MD5: 488664 74541bd75de68e04a43cf61c3c7a276f
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists