Message-ID: <20050526124258.GA21922@piware.de>
Date: Thu May 26 13:43:10 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-133-1] Apache utility vulnerability

===========================================================
Ubuntu Security Notice USN-133-1	       May 26, 2005
apache vulnerability
http://xforce.iss.net/xforce/xfdb/17413
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the "htpasswd" utility. This could
be exploited to execute arbitrary code with the privileges of the user
invoking htpasswd. This is only a security vulnerability if you have a
website that offers a public interface to htpasswd without checking
the input beforehand; however, this is very unusual.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.diff.gz
      Size/MD5:   370216 e4b146fdb5a84579cf72543dcba25278
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.6.dsc
      Size/MD5:     1102 695ade9c26134605755f605d8de5c829
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.diff.gz
      Size/MD5:   370555 e3b320d767ecddf64a4c439dcf69a20a
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.7.dsc
      Size/MD5:     1102 a686975f257bfdbf6cc5cb3b7eb33fc0
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
      Size/MD5:  3104170 ca475fbb40087eb157ec51334f260d1b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:   329680 ea1b574aba9bca4c3ac298b5bfd24fc8
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:  1186734 9a5f2ca0ed6a222a61fa646145ce2840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   873476 ede05d37c8b5ac6566aa31104493894a
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:  9131366 2b06dc22c63cbf20521bda43e715dd28
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   520708 8f81def40bf552cb50a3f36123375880
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   510738 1d033b2179669b4450af2e5ee1077c13
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   271492 ea3f8ba1ede1456edbacfcc8233b7c37
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   398240 b6973f41949ba3a9f6634887d02eb861
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_amd64.deb
      Size/MD5:   491604 1f0450ce55f9fc7a2204790900cdd289

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   838554 613569f8f1f8e2142308cf3ee8d98484
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:  9080588 68a2c0dd50fa206c6934e9be3ef130fb
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   494356 bc7952904183ca0c78dec618a5b7b10f
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   484052 036bbeea1f293a9f76a03cb593628ddd
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   265296 620c32f9fc129cfd6e28bd3fbb7abe95
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   377510 b95d6936e5c65389f43ab5a9c7bc19b4
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_i386.deb
      Size/MD5:   484974 9447a769568c36df5a365c46f6de30c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   917590 308c593f853c66f850ee26ad033cbbf0
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:  9226022 7e832b879a9ff0660f6e68d5e08c37ba
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   511372 35a07437c37d73b22e3901089942c238
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   507178 b8bef2e3cb964a064c97cd834300d5c2
    http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   278630 5c2b8515f4792bc6851e9dd5e9c55a05
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   395680 b8eb63089f5e6f584ae952c12e6c0c0c
    http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_powerpc.deb
      Size/MD5:   488976 5d2e37fca4d74b40d0f57abd5190df67
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050526/d7d112e2/attachment.bin
