lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050119155603.GA24938@box79162.elkhouse.de> From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-65-1] Apache utility script vulnerability =========================================================== Ubuntu Security Notice USN-65-1 January 19, 2005 apache vulnerabilities http://bugs.debian.org/290974 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: apache-utils The problem can be corrected by upgrading the affected package to version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Javier Fern?ndez-Sanguino Pe?a noticed that the "check_forensic" script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.diff.gz Size/MD5: 369655 7ec465eece404f6ddd1d45a8292b1fe6 http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.dsc Size/MD5: 1102 9165d920ac5f269f5abf886ee392613c http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.4_all.deb Size/MD5: 329424 f05e89912051a57e3a0f4b439d813bcf http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.4_all.deb Size/MD5: 1186432 b7490f2099b1bd5b512cb2dba9fc3fcf amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 873090 4de4ad38fa7021c3666349134f3f3939 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 9131010 8dfb8f02f5cd07223069a08c3156a015 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 520354 81033c5317f6d50b69a796df54f56f90 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 510288 f986a142140d051b3d2590e7add86a54 http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 271078 bcb58f9b5a102f4109a0e6bd7b80a1c1 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_amd64.deb Size/MD5: 397916 6f039537fd6365bd5627a6004f445e45 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_amd64.deb Size/MD5: 491306 86f3c435f888d78e6a03456af0eb7101 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 838326 6e8c39afade6e140502592602c180f81 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 9080282 3555a952ded8b3370691d8585163587a http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 494050 62489a77ba210430b8803aea05be968c http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 483720 5cc3c2014e2b30b1a0906c2748d6bef3 http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 264974 65e6aed85dd4ac7c1485f8eae951788f http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_i386.deb Size/MD5: 377152 55d3b656566987d140d2677d1c0de61c http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_i386.deb Size/MD5: 484640 da71290705c6f6f6faf1d6dc254bf4a6 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 917362 652d1cd08236a6557e44d87b67e4dd16 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 9225702 033e91323439c25a000b604423d71d46 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 511036 e66e2283e7a70758989198fbf9ebb613 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 506852 a8bd4a1633e5d6c8ba51d01134fee992 http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 278286 b25fd9ebbeeafeeb3867828251218d08 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_powerpc.deb Size/MD5: 395396 4eafd593de2508a0c574929718476320 http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_powerpc.deb Size/MD5: 488664 74541bd75de68e04a43cf61c3c7a276f -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050119/ad38d3db/attachment.bin