[Please upgrade if you are running Apache mod_dav on your system -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-Id: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Full-Disclosure] [SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service Date: Wed, 6 Oct 2004 09:32:58 +0200 (CEST) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 558-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze October 6th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libapache-mod-dav Vulnerability : null pointer dereference Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0809 Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server. For the stable distribution (woody) this problem has been fixed in version 1.0.3-3.1. For the unstable distribution (sid) this problem has been fixed in version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of Apache 2. We recommend that you upgrade your mod_dav packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.dsc Size/MD5 checksum: 645 5b405cd8fe0471edd793343ef8237b26 http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.diff.gz Size/MD5 checksum: 4523 94edc74f33414e93af4ca7fa849b3fb3 http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3.orig.tar.gz Size/MD5 checksum: 185284 ba83f2aa6e13b216a11d465b82aab484 Alpha architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_alpha.deb Size/MD5 checksum: 96522 7e5d5d2184629de6be880eb0650d7fd1 ARM architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_arm.deb Size/MD5 checksum: 81860 fbe2d647e0037436d710ee857c947a52 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_i386.deb Size/MD5 checksum: 80122 dfaab95268192557f711ab9fbd7f9f9b Intel IA-64 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_ia64.deb Size/MD5 checksum: 116596 bb369037b3d2ee0110c15d0b085a410b HP Precision architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_hppa.deb Size/MD5 checksum: 90406 fc707743732c491c29bfdb21d469736f Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_m68k.deb Size/MD5 checksum: 80030 1b434a6598c06e23f3bb253867f59ae5 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mips.deb Size/MD5 checksum: 84944 a422f253d772ca1c2dae84bac0bb79ea Little endian MIPS architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mipsel.deb Size/MD5 checksum: 85094 4cf00ccacd87e2295af6618987950e13 PowerPC architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_powerpc.deb Size/MD5 checksum: 84516 853b2929e7f371e79f153f6c57414a1f IBM S/390 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_s390.deb Size/MD5 checksum: 82424 7f092c974abfe792278c925bdd345775 Sun Sparc architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_sparc.deb Size/MD5 checksum: 92438 77bdcf29501a581a1cb768af644c923b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [EMAIL PROTECTED] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBY5+qW5ql+IAeqTIRAsAfAJ9OCkuj0CiIUV/GxATw5IqYG014OgCgsO57 2tpvIRLP8zoqZDV47z9ssf8= =vMyZ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
