lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000001c500d1$eeec5e00$0100a8c0@hubercomp.local>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [sb] [USN-65-1] Apache utility script vulnerability

===========================================================
Ubuntu Security Notice USN-65-1		   January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fern?ndez-Sanguino Pe?a noticed that the "check_forensic"
script created temporary files in an insecure manner. This could
allow a symbolic link attack to create or overwrite arbitrary files
with the privileges of the user invoking the program.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.diff.gz
      Size/MD5:   369655 7ec465eece404f6ddd1d45a8292b1fe6
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.4.dsc
      Size/MD5:     1102 9165d920ac5f269f5abf886ee392613c
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
      Size/MD5:  3104170 ca475fbb40087eb157ec51334f260d1b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.4_all.deb
      Size/MD5:   329424 f05e89912051a57e3a0f4b439d813bcf
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.4_all.deb
      Size/MD5:  1186432 b7490f2099b1bd5b512cb2dba9fc3fcf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   873090 4de4ad38fa7021c3666349134f3f3939
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:  9131010 8dfb8f02f5cd07223069a08c3156a015
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   520354 81033c5317f6d50b69a796df54f56f90
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   510288 f986a142140d051b3d2590e7add86a54
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   271078 bcb58f9b5a102f4109a0e6bd7b80a1c1
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   397916 6f039537fd6365bd5627a6004f445e45
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_amd64.deb
      Size/MD5:   491306 86f3c435f888d78e6a03456af0eb7101

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   838326 6e8c39afade6e140502592602c180f81
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:  9080282 3555a952ded8b3370691d8585163587a
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   494050 62489a77ba210430b8803aea05be968c
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   483720 5cc3c2014e2b30b1a0906c2748d6bef3
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   264974 65e6aed85dd4ac7c1485f8eae951788f
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   377152 55d3b656566987d140d2677d1c0de61c
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_i386.deb
      Size/MD5:   484640 da71290705c6f6f6faf1d6dc254bf4a6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   917362 652d1cd08236a6557e44d87b67e4dd16
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:  9225702 033e91323439c25a000b604423d71d46
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   511036 e66e2283e7a70758989198fbf9ebb613
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   506852 a8bd4a1633e5d6c8ba51d01134fee992
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   278286 b25fd9ebbeeafeeb3867828251218d08
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   395396 4eafd593de2508a0c574929718476320
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2-14ubuntu0.1_powerpc.deb
      Size/MD5:   488664 74541bd75de68e04a43cf61c3c7a276f
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050122/575dfcb8/attachment.bin
-------------- next part --------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ