lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060801104624.GA9633@steve.org.uk> Date: Tue, 1 Aug 2006 11:46:24 +0100 From: Steve Kemp <skx@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 1131-1] New apache package fix buffer overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1131-1 security@...ian.org http://www.debian.org/security/ Steve Kemp Aug 1st, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : apache Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-3747 CERT advisory : VU#395412 Debian Bug : 380231 Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code. For the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge2. For the unstable distribution (sid) this problems will be fixed shortly. We recommend that you upgrade your apache package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.dsc Size/MD5 checksum: 1119 8188c2fe660d475970139af295b07b86 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.diff.gz Size/MD5 checksum: 372930 40c5ca3d91d1307a191915459bc94237 http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz Size/MD5 checksum: 3105683 1a34f13302878a8713a2ac760d9b6da8 Architecture independent components: http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge2_all.deb Size/MD5 checksum: 334562 a6a506713c09c27143feffe738aed3f9 http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge2_all.deb Size/MD5 checksum: 1332888 f24fa9421e8dc9acec2467b58468f2dd http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge2_all.deb Size/MD5 checksum: 212626 b9a5198ee442212cdd248be8827400a1 Alpha architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_alpha.deb Size/MD5 checksum: 428152 a58caae837e1025d97cf44bf8fb23f0f http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_alpha.deb Size/MD5 checksum: 904242 ce2a0e4b97c1926dafdf31e589883995 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_alpha.deb Size/MD5 checksum: 9223072 182f1789104e294f72fede75dc13b875 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_alpha.deb Size/MD5 checksum: 569406 185346b21b2adbc248a06f689f094b97 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_alpha.deb Size/MD5 checksum: 542576 dfe389cdb48d38ee2a27a3a622a6c6e0 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_alpha.deb Size/MD5 checksum: 505050 36759af8debeceeebdd083a337e590cb AMD64 architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_amd64.deb Size/MD5 checksum: 401466 6d45b8e9a23382f6b2eadc28af28e4a4 http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_amd64.deb Size/MD5 checksum: 876652 7474a08ccd74235787761b8e1ffe8c0e http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_amd64.deb Size/MD5 checksum: 9162572 b55d8df232edbd900372fe339a065fd1 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_amd64.deb Size/MD5 checksum: 524410 41142b30d22c99476977c339cf071504 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_amd64.deb Size/MD5 checksum: 513708 5377d3aa2ad92e07db2654d3fd3761d1 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_amd64.deb Size/MD5 checksum: 492544 2d15619f2db2d39d6abdaf25574fbf4c ARM architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_arm.deb Size/MD5 checksum: 384260 7785f5fa4d814bd1a1ec946fe007ec53 http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_arm.deb Size/MD5 checksum: 841372 83ed59ba296d64b5b6731c3a57902810 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_arm.deb Size/MD5 checksum: 8985914 50fc722807a399105950b15e5eaba3b3 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_arm.deb Size/MD5 checksum: 495910 f7d7a9218c3bdabbf0982b3ec563bca6 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_arm.deb Size/MD5 checksum: 489556 7645d9195f00f4bf0c655eefaf971dff http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_arm.deb Size/MD5 checksum: 479280 e689e83904766cf209049c39fe3ee2d1 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_i386.deb Size/MD5 checksum: 386664 0f0192626abd5a456bf7b6d43f9f1708 http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_i386.deb Size/MD5 checksum: 860158 60891f21e526885833f7f7fcf43c92e4 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_i386.deb Size/MD5 checksum: 9124844 9d2e020813d5298c3f4d62dcd8ec6aaa http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_i386.deb Size/MD5 checksum: 504860 a084ffd32a38948db9dd0692ead50eeb http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_i386.deb Size/MD5 checksum: 493690 c442e0c156f98044c20a665d989aeca0 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_i386.deb Size/MD5 checksum: 486804 3862e6781f044fc2c4ae24170f47fe6f Intel IA-64 architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_ia64.deb Size/MD5 checksum: 463372 13eb11e0de167d54b6606605ae1ff0f6 http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_ia64.deb Size/MD5 checksum: 971834 2be725f2e6b84c10c512a0d804480e33 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_ia64.deb Size/MD5 checksum: 9355772 3b5d28d3d2531719d46c23920dd3e94c http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_ia64.deb Size/MD5 checksum: 627356 247a7da511dae2d5e698f2b424fe24c5 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_ia64.deb Size/MD5 checksum: 585922 aa5d4b2f9bcefe026da9168170e0c819 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_ia64.deb Size/MD5 checksum: 532826 9b9c3b43b6e85e92dd2c064871f7d9f3 HP Precision architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_hppa.deb Size/MD5 checksum: 406614 50c84b8682cd3b8af4e0eceaf7fd505a http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_hppa.deb Size/MD5 checksum: 905560 b02464bd2a9c5ca732e0c4f9208baee0 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_hppa.deb Size/MD5 checksum: 9100908 4516c9ad78527b3cb2be9daef76e9566 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_hppa.deb Size/MD5 checksum: 536024 e8ab5a278d1424ef9d68c155ae3a7ab8 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_hppa.deb Size/MD5 checksum: 518824 c6befb0053d4ed7daa9e9f3d1538bbb6 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_hppa.deb Size/MD5 checksum: 508750 6beec32a45b93df126f4973619c6076a Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_m68k.deb Size/MD5 checksum: 371072 d4f978e09502b619b7933e23290eaf5e http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_m68k.deb Size/MD5 checksum: 847234 8ca3d2d72183081217ae742327dd49f7 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_m68k.deb Size/MD5 checksum: 8973668 e6614fd4445efa2a29002d5f02d0b7c5 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_m68k.deb Size/MD5 checksum: 448692 e2024a331a75dabd3ff86927a1883cbc http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_m68k.deb Size/MD5 checksum: 477360 43f62ac274ccd93160d1db6d3110ebe6 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_m68k.deb Size/MD5 checksum: 489432 df5d49e0e858809966e4395cdfcab073 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mips.deb Size/MD5 checksum: 403276 4ff63b289978627f3db22de263e158ef http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mips.deb Size/MD5 checksum: 851592 3e0d11bf481c1378ff776062dc2eed70 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mips.deb Size/MD5 checksum: 9048564 aa4a667fdc83d41e739b69c949967929 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mips.deb Size/MD5 checksum: 485152 0672cc250050d8e0e571ced7cb4420a0 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mips.deb Size/MD5 checksum: 509872 09572aa1dd63bd7b1bff9b61d5752358 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mips.deb Size/MD5 checksum: 443532 6efd073b42b13599960f29ff9263892a Little endian MIPS architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mipsel.deb Size/MD5 checksum: 403652 6906feb21ddb7af2a5ec9d4c2ccd874c http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mipsel.deb Size/MD5 checksum: 849942 5786e24b7849df4eea36f3d3da80a82a http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mipsel.deb Size/MD5 checksum: 9054052 f0d853c8399534429fcd2a3463016ef1 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mipsel.deb Size/MD5 checksum: 485376 9001e3d37ac660635946eb066e50ec78 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mipsel.deb Size/MD5 checksum: 510664 398e615c936d6e72bb443ce3550e57e2 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mipsel.deb Size/MD5 checksum: 443422 e3a6f0ca68df1d8e8f26eef8f23b2822 PowerPC architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_powerpc.deb Size/MD5 checksum: 398666 29de2415f45cd033d04c28be500664ee http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_powerpc.deb Size/MD5 checksum: 921400 c36acb601638cb0a9961a2f5d95fcb28 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_powerpc.deb Size/MD5 checksum: 9252458 aa5f5cdc62365a6951cb6a67e005dc34 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_powerpc.deb Size/MD5 checksum: 515350 0d654fea1e92be4c2bb1375b6a51c060 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_powerpc.deb Size/MD5 checksum: 510372 15269ec946e59741172a69c8e7ea7557 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_powerpc.deb Size/MD5 checksum: 490708 2b1e1ae12a9cb2e8f59b6b8b219d7f9e IBM S/390 architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_s390.deb Size/MD5 checksum: 403204 73201862887af010def1edf24d22594d http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_s390.deb Size/MD5 checksum: 868450 b84df926a3235d152d8f7f35aa3394ae http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_s390.deb Size/MD5 checksum: 9183050 1cf5c335b2cf863898c0c84e4e150776 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_s390.deb Size/MD5 checksum: 490090 b361f3cf52b919b5e92d96f92a77270a http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_s390.deb Size/MD5 checksum: 514442 d3374e5f0d5cb468409795a1a7c9b8b3 http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_s390.deb Size/MD5 checksum: 460466 bf56d745cf3b78e3ade0204a718417c6 Sun Sparc architecture: http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_sparc.deb Size/MD5 checksum: 385534 020faf78c7c61702c94d10eb03a07e37 http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_sparc.deb Size/MD5 checksum: 849304 2cffd052a21ba9306ebadf4af2f6b734 http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_sparc.deb Size/MD5 checksum: 9046234 f32d81e7736df5b65bf9912506b03466 http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_sparc.deb Size/MD5 checksum: 504168 e3a5510199db8f05f5a6f3028b82ef11 http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_sparc.deb Size/MD5 checksum: 491970 4f9732af9bcf8e6ecc54cb24f65b7d0b http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_sparc.deb Size/MD5 checksum: 490256 9c6e61c66d2f8641680f6f7dfe7316fe These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFEzzCzwM/Gs81MDZ0RAqM9AJ9pezh9ub2VryJ8X13FpiWm0THOwQCgmd4w Qf4EYm8EnwbI7VB7WmKq7V4= =JjUs -----END PGP SIGNATURE-----