Date: Tue, 17 Jul 2007 17:03:16 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-488-1] mod_perl vulnerability

=========================================================== 
Ubuntu Security Notice USN-488-1              July 17, 2007
libapache2-mod-perl2 vulnerability
CVE-2007-1349
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libapache2-mod-perl2                     2.0.2-2ubuntu1.6.06.1

Ubuntu 6.10:
  libapache2-mod-perl2                     2.0.2-2ubuntu1.6.10.1

Ubuntu 7.04:
  libapache2-mod-perl2                     2.0.2-2.3ubuntu1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Alex Solovey discovered that mod_perl did not correctly validate certain
regular expression matches.  A remote attacker could send a specially
crafted request to a web application using mod_perl, causing the web
server to monopolize CPU resources.  This could lead to a remote denial
of service.


