[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051206163515.GD8585@piware.de>
Date: Tue Dec 6 16:35:24 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-225-1] Apache 2 vulnerability
===========================================================
Ubuntu Security Notice USN-225-1 December 06, 2005
apache2 vulnerability
CVE-2005-2970
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
apache2-mpm-worker
The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for
Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A memory leak was found in the Apache 2 'worker' module in the
handling of aborted TCP connections. By repeatedly triggering this
situation, a remote attacker could drain all available memory, which
eventually led to a Denial of Service.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9.diff.gz
Size/MD5: 102151 e74ea1f9db5e8869fefcda08ada491c7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9.dsc
Size/MD5: 1152 8b2c88edf7bc94361c8c8eb6f18c0b2b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.9_all.deb
Size/MD5: 3178820 0939b901edabbb7604e920cb4b5f8a40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.9_all.deb
Size/MD5: 164294 09c4d4128c4b27e76006076f3824998e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.9_all.deb
Size/MD5: 165058 dd7cf2519b25b54eeade02d2b4f26e2b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 865170 cac566ce1a08db01acf518badd27d2fd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 230954 c961bec22257f061490d9262791866d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 226102 88d8fe952de1c7911ed001f70a254407
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 229480 1733998c284609428927bb6e2c36e3c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 230074 08ac7405a327c6c60cf9a59632e30a2b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 30532 60f3839d4452b5cd6359fefabd29b6da
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 276032 359a6e506d7362cf325d641e5734e205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_amd64.deb
Size/MD5: 133980 04f33dcb171e94a520149078fdd5e358
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 826686 7f68df072e4e2fce889738e5a824803c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 209934 a8a36c2d08dd634650c960c6333e72e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 206158 07be2129e71e696fbba491d49d13b22e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 208786 32ece92d33cfdc9e80e029413c69813a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 209186 9bcd345bbb3d9c3a4668664437e1864a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 30530 0c580eb29fe08e5caefad401fbb74021
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 254004 ab5ac54af4cb232e7016c8d1540967d2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_i386.deb
Size/MD5: 124706 c749b33a9779423584f61385eee92a72
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 904382 082a940661eb96d2501a0c76f8ccfaeb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 223562 c8e7cc4ccd5d73cd4d7c1f1a6397ac83
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 218562 c669834a22b52aa370b69706750bb69b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 221726 77acd83c70eceb01869c7c336ea7541f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 222368 191ec846433dcda10cd5a3a9a7559749
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 30528 f648545edca3d021447c263afdfa8284
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 269800 2fc6d58e6ab11c98803b32dc66ee464b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_powerpc.deb
Size/MD5: 131302 e1885ea3b0c4b47b92fcd25ae7a71594
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4.diff.gz
Size/MD5: 108864 d7f1abfb68989fd7ae654db51be2f4cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4.dsc
Size/MD5: 1159 80eeaa51dc7cbaacceff3d3d32f617bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53.orig.tar.gz
Size/MD5: 6925351 40507bf19919334f07355eda2df017e5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.53-5ubuntu5.4_all.deb
Size/MD5: 3578526 834837c6721f2ad42be9beb2bcf5d116
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.53-5ubuntu5.4_all.deb
Size/MD5: 34044 9831b3f20ea36ec8a7a3a43788058593
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 826372 36d622f7fa035ce38c3e0c9b4d4b0da2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 221338 fc3e401e2ae94414322d8fb836acb94e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 216936 138bdc91f670052413668dc5e8abf7fb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 220254 c4a5801fdfafae7ba9de20b94ee198ce
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 167756 9b94213e02543ff0a6d9071c6d7d6a18
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 168530 9930e5ec455652dc03014e05735144c5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 93204 9dc6564781ca606763d2bf7bedc0db0a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 33974 24ba2f6c53d870a70709ae2a8eb92170
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 279346 6bb71e2371117a60f85ae2827be8a218
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_amd64.deb
Size/MD5: 137856 6fa34b307bb14ee3e9b8589c73dcb4c0
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 789288 6a5ace41b9a75f248dfb29af4482f4cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 201544 f12be022acedcb938b66aee0edbb7f9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 197378 a4a6a8018b571e1f1792ca5b3faf6b86
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 200850 2fd2a977ade9444546718121e66a76f9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 167764 6cf6fb28c46f094cb038879d902cf2a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 168542 67bdfa7cd34283cac0f04f63b39aa345
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 90910 0f08aafc744cb3618f9af9a3c6ffeae3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 33968 2e5da2fc39f6a1fa55c1daf01660e952
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 257286 90fccea2f3f0ddc8097ffb81d5b0ca37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_i386.deb
Size/MD5: 128508 ff51486c88ef3e4daf625773efba0de4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 855668 14ab804c5da790e7564a95c27ef69b49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 214556 935cd75d78138f623aa3431b1517a017
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 209660 8116e708946322e2f00eee12ba3f98cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 213622 d1b5215e1a9dd82a0cbd008d691f7040
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 167766 97f1f88f5bca368a7130e4271efb0d75
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 168538 d19bcebe03bd68c750635c9ad9b7edd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 102568 aa68b182394cb52660f803665c5c0e3f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 33970 1626c3d5dfa006f9d9cbfd8def1976b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 272586 98ddb546ad127e40682913654ce7a278
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_powerpc.deb
Size/MD5: 134860 053057456d08e8e7406f3e580f077dee
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3.diff.gz
Size/MD5: 116174 34db9656b4bbbff459b25b25cb368c9e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3.dsc
Size/MD5: 1155 58402cdaac4b4716b24656cde8ee457f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54.orig.tar.gz
Size/MD5: 7493636 37d0d0a3e25ad93d37f0483021e70409
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.54-5ubuntu3_all.deb
Size/MD5: 3862734 7d065212e1e4d62b58a2a6f392a5d301
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5ubuntu3_all.deb
Size/MD5: 34878 1e19536ca819876d8274fc373c645790
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 825944 93ea041f0a9718590d2dadc9c30d0e67
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 225800 32e4c83ff244f275d6d36d11dbda7202
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 220424 5d38a2881f01a51d05d02664e33e95e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 224984 8486ce8af766a2df2c219a41d4125af0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 169096 6c8a9c61ace50a980f7927c7a8a1a5b5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 169818 8dc10e856449d0b5c2988726d0084abd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 92812 554e17703ed5b011c5f81e8515b7df08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 34804 7a57d975b10c8f752b989174396a8529
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 283084 b2ec8329f8f10ec2ae4fec1cc5f82ead
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_amd64.deb
Size/MD5: 142496 2de04dcd1db1a7dfb0909fa9ff6bed54
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_i386.deb
Size/MD5: 780532 6c73755ddb0f212d931885c52efccdb9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_i386.deb
Size/MD5: 201058 a7fb62144aab4355a35def4535faefc5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_i386.deb
Size/MD5: 196888 51dff105e376abe915078ebada32740f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_i386.deb
Size/MD5: 200478 e5e18a8ac5b1461d1dbf3d1805b5e88b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_i386.deb
Size/MD5: 169094 b1d9b6ef81af9a281b1843d6cbd8eccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_i386.deb
Size/MD5: 169826 d66de885e97d211afb0f2ea53979d01d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_i386.deb
Size/MD5: 91114 4406f75ddd1011bce97b30e13e0a061c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_i386.deb
Size/MD5: 34800 94e994aeda8e1ff14366e5ba465f0da5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_i386.deb
Size/MD5: 259416 292003cf8c7e673740f18fa146aaa273
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_i386.deb
Size/MD5: 130896 b1a770ce8394240c5ca9f56d42a6ab34
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 853918 8a527dd0f402dd81ee013304ce2465ed
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 217928 f930489a31485178b23e096abe464fa3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 213586 b67098bee56ee511ec4de768bca9bb36
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 217104 34ed2b127e9a67d09a6c521b9c0053ba
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 169100 6ac421fa90132f4aa37f909f9d4d7cf7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 169836 83b2d561d7e9880e975454d563b6dd75
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 103102 6d151cad13a74e59086e2c016169d320
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 34802 dc57f7c5ef4fc4c3be396eff2f0b0dbe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 278680 69100436836a9f769526ed1583d76a8e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_powerpc.deb
Size/MD5: 139938 5bf906ed253dabdad27062901beda6d6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051206/8124b70e/attachment.bin
Powered by blists - more mailing lists