[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050506090418.GA15203@piware.de>
Date: Fri, 6 May 2005 11:04:18 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-120-1] Apache 2 vulnerability
===========================================================
Ubuntu Security Notice USN-120-1 May 06, 2005
apache2 vulnerability
CAN-2005-1344
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
apache2-utils
The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Luca Ercoli discovered that the "htdigest" program did not perform any
bounds checking when it copied the "user" and "realm" arguments into
local buffers. If this program is used in remotely callable CGI
scripts, this could be exploited by a remote attacker to execute
arbitrary code with the privileges of the CGI script.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2.diff.gz
Size/MD5: 98267 87586b5cb510061595cef66338581a79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2.dsc
Size/MD5: 1151 a9513abc00ea2349450bc41893924934
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.2_all.deb
Size/MD5: 3178132 1e9d1e7ac590566418bee5afc0aa49a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.2_all.deb
Size/MD5: 163566 b261a2b9a55de3ad5a442a907de01ebb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.2_all.deb
Size/MD5: 164312 b84bcf4e053a51cd8301df3401e3e2b2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 864476 cf93d873c7977092835a357e988092e4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 230190 c0e93260cb0393d13587718a47c7b45b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 225342 8f120306e1c71496fef963891541c405
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 228774 25b87218b42035965567440434cf52b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 229344 da3093352e24225be0238dc666ef9cfb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 29800 160aa26592c557ee6e7a46cf1a0e2960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 275310 daf38c889708fda550182c9d483b0230
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_amd64.deb
Size/MD5: 133252 67a0f7ef5009e90101638b3a298b6e3f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 825786 4b6f3ca0efb794bf7740837062c479fc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 209170 7d293b865d950cc5d05466963653bb7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 205394 25b99fbd9226fb46251dac7124142936
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 208042 23c67fc8862c995f096bdfc3e7b3e692
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 208476 1f353dd0d64128b99e7c9792d996ba4a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 29808 49fae153ca436da85a3a9d666e07044a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 253274 cd7d0c90906691ca0399a82a410d6082
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_i386.deb
Size/MD5: 123972 3020312e5282fabf9c2656b1324391e3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 903634 cb3389870d788eda54536e47157f0347
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 222798 499b94a9f6841b9da69419115d84f635
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 217804 d95bc9eb5b22926f0fb22acfba61a6ee
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 220968 dbd2a97b2b578e6764ff5d4d8970c2d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 221576 a7cca9a4b76f5083f43260122275a7ce
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 29806 d1cc1c63cc85d158473c7e0046272936
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 269076 20737e649d99a193903b4f0e0fe5a583
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.2_powerpc.deb
Size/MD5: 130578 f29d8ca28893d687efe9ffd4585c2abb
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1.diff.gz
Size/MD5: 105830 f19f392f87e39389da168006afc18f89
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1.dsc
Size/MD5: 1159 81a2017e0536fadf7bc2a40b9be54aca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53.orig.tar.gz
Size/MD5: 6925351 40507bf19919334f07355eda2df017e5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.53-5ubuntu5.1_all.deb
Size/MD5: 3578168 67c51a790160e24bf93c0ac786c81b3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.53-5ubuntu5.1_all.deb
Size/MD5: 33596 0a4b96294be9f2dfa548c6de9d46e0a4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 825872 0002ddfccd994ca6026f6be3c975bcfe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 220892 528f92368df98af9bcefcd1fb1a134d7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 216428 27b2da096b9fd64b6794592e76f2cff5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 219824 59cd86376b876f102589fb65c7fcd156
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 167266 f64176450d54e6e4b10d6ede5ff366bb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 168060 acdd5e8c1ed883d538bcb51c5cc3d16c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 92732 1019e7ccb24cc0ed4cdc9a7c32dc5009
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 33522 c3b5ac52fc94e266d37d1c0dac960fdb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 278884 9ba58e2af006050c8e3f80bbfb57bcc3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_amd64.deb
Size/MD5: 137382 79c0405522bebe834c2e6b99795b720a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 788586 0211beba06e7e2774df5fba57badfade
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 201064 68b06d7c7a59dee404ec462a37ca5011
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 196892 170f0ce0c87f29438957316ec2ec0122
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 200354 8f6d7094d11774b85aa8c6c11bc750c1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 167266 c38b18adb268f882b2b42b81157ab631
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 168058 7738f68bede8476d51d2608857a3cd39
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 90456 51bf7881c66bcf5c694ee9e596ab1cc1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 33520 ba391b0999fcd1b4206f87065fb0f48c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 256802 a3a624b345018c54f091ccea0e9da41c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_i386.deb
Size/MD5: 128064 734d5122ec076a54f6e76410f6a1245e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 855108 1dfc0c0da261db28527c18cb74aad068
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 214136 5f02f57b520924f15aa76eda2d080956
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 209138 0c583de044adfcc776d1379e670dc3c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 213150 bc7d7e9151dd51e29205d17b3b0414e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 167268 e9e17dfbf9c96df0b403a189cef90042
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 168050 b6f72f186997b75aab014c3082fcfa71
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 102106 fa4df0db982df921c232e2913c71ef89
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 33522 3ee1c98a1ea5dc77269d833b18df79d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 272108 099cf2448a2cf6801cd173329637f2bf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.1_powerpc.deb
Size/MD5: 134342 94baf66057345048d892236dd3960019
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists