----- Original Message -----
From: "Robert van der Meulen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 02, 2002 3:12 PM
Subject: [SECURITY] [DSA-135-1] buffer overflow / DoS in libapache-mod-ssl

> ------------------------------------------------------------------------
> Debian Security Advisory DSA-135-1                      [EMAIL PROTECTED]
> http://www.debian.org/security/                  Robert van der Meulen
> July 2, 2002
> ------------------------------------------------------------------------
>
> Package        : libapache-mod-ssl
> Problem type   : buffer overflow / DoS
> Debian-specific: no
>
> The libapache-mod-ssl package provides SSL capability to the apache
> webserver.
> Recently, a problem has been found in the handling of .htaccess files,
> allowing arbitrary code execution as the web server user (regardless of
> ExecCGI / suexec settings), DoS attacks (killing off apache children), and
> allowing someone to take control of apache child processes - all through
> specially crafted .htaccess files.
> More information about this vulnerability can be found at
> http://online.securityfocus.com/bid/5084
>
> This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
> (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody).
> We recommend you upgrade as soon as possible.
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> Debian GNU/Linux 2.2 alias potato
> ---------------------------------
>
> Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
> Packages for m68k are not available at this moment.
>
> These packages will be moved into the stable distribution on its next
> revision.
>
> Debian GNU/Linux 3.0 alias woody
> --------------------------------
>
> Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
> mipsel, powerpc, s390 and sparc.
> Packages for ia64 and hppa are not available for the moment.
>
> --
> ----------------------------------------------------------------------------
> apt-get: deb http://security.debian.org/ stable/updates main
> dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: [EMAIL PROTECTED]
