[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050526124258.GA21922@piware.de>
Date: Thu, 26 May 2005 14:42:58 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-133-1] Apache utility vulnerability
===========================================================
Ubuntu Security Notice USN-133-1 May 26, 2005
apache vulnerability
http://xforce.iss.net/xforce/xfdb/17413
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
apache-utils
The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A buffer overflow was discovered in the "htpasswd" utility. This could
be exploited to execute arbitrary code with the privileges of the user
invoking htpasswd. This is only a security vulnerability if you have a
website that offers a public interface to htpasswd without checking
the input beforehand; however, this is very unusual.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.diff.gz
Size/MD5: 370216 e4b146fdb5a84579cf72543dcba25278
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.dsc
Size/MD5: 1102 695ade9c26134605755f605d8de5c829
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.diff.gz
Size/MD5: 370555 e3b320d767ecddf64a4c439dcf69a20a
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.dsc
Size/MD5: 1102 a686975f257bfdbf6cc5cb3b7eb33fc0
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.7_all.deb
Size/MD5: 329680 ea1b574aba9bca4c3ac298b5bfd24fc8
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.7_all.deb
Size/MD5: 1186734 9a5f2ca0ed6a222a61fa646145ce2840
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 873476 ede05d37c8b5ac6566aa31104493894a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 9131366 2b06dc22c63cbf20521bda43e715dd28
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 520708 8f81def40bf552cb50a3f36123375880
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 510738 1d033b2179669b4450af2e5ee1077c13
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 271492 ea3f8ba1ede1456edbacfcc8233b7c37
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_amd64.deb
Size/MD5: 398240 b6973f41949ba3a9f6634887d02eb861
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_amd64.deb
Size/MD5: 491604 1f0450ce55f9fc7a2204790900cdd289
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 838554 613569f8f1f8e2142308cf3ee8d98484
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 9080588 68a2c0dd50fa206c6934e9be3ef130fb
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 494356 bc7952904183ca0c78dec618a5b7b10f
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 484052 036bbeea1f293a9f76a03cb593628ddd
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 265296 620c32f9fc129cfd6e28bd3fbb7abe95
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_i386.deb
Size/MD5: 377510 b95d6936e5c65389f43ab5a9c7bc19b4
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_i386.deb
Size/MD5: 484974 9447a769568c36df5a365c46f6de30c2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 917590 308c593f853c66f850ee26ad033cbbf0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 9226022 7e832b879a9ff0660f6e68d5e08c37ba
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 511372 35a07437c37d73b22e3901089942c238
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 507178 b8bef2e3cb964a064c97cd834300d5c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 278630 5c2b8515f4792bc6851e9dd5e9c55a05
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_powerpc.deb
Size/MD5: 395680 b8eb63089f5e6f584ae952c12e6c0c0c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_powerpc.deb
Size/MD5: 488976 5d2e37fca4d74b40d0f57abd5190df67
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists