Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote: >Package: apache2 >Version: 2.0.54-5 >Severity: critical > >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken: > >subversion client (e.g. checkout): >svn: PROPFIND request failed on '/svn/test' >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3 >alert unexpected message (https://www.opensc.org) > >apache error log: >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not >accepted by client!? > >downgrade to 2.0.54-4 and everything is fine again. > >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386, >apache2 on 80 and 443, ssl with self signed certificate, >accepting a list of self signed certificates, svn repository >needs those for write access only. > >more configuration and any detail you need available on request. > > I would like a tarball of your /etc/apache2/, if that's not too much inconvenience. I suspect a combination of a longstanding subversion bug and a (mis)configuration of apache2 are biting you, and the recent apache2 bugfix just exposed the issue. I need to see how you have your sites set up to confirm this, though. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processed: closing 327210
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.9.7 > close 327210 2.0.54-5 Bug#327210: apache2: CAN-2005-2700 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 2.0.54-5, send any further explanations to Juergen Kreileder <[EMAIL PROTECTED]> > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327210: marked as done (apache2: CAN-2005-2700)
Your message dated Fri, 09 Sep 2005 10:10:22 +1000 with message-id <[EMAIL PROTECTED]> and subject line Closing this bug. has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 8 Sep 2005 11:56:17 + >From [EMAIL PROTECTED] Thu Sep 08 04:56:17 2005 Return-path: <[EMAIL PROTECTED]> Received: from smtp.blackdown.de [213.239.206.42] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EDL0r-00059N-00; Thu, 08 Sep 2005 04:56:17 -0700 Received: from p50909074.dip0.t-ipconnect.de ([80.144.144.116] ident=[oOVMVvEhkZdhuzXZN38gshWY7Yo6U33e]) by smtp.blackdown.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EDL0f-0008K3-S0 for [EMAIL PROTECTED]; Thu, 08 Sep 2005 13:56:05 +0200 Received: from fry.jknet ([192.168.1.2] ident=[btV3bMm6pD4ub1LvHGFVPLglcm44NJoB]) by server.jknet with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EDL0W-0006NV-Nx for [EMAIL PROTECTED]; Thu, 08 Sep 2005 13:55:56 +0200 Received: from jk by fry.jknet with local (Exim 4.52) id 1EDL0W-0007OT-Dp for [EMAIL PROTECTED]; Thu, 08 Sep 2005 13:55:56 +0200 From: Juergen Kreileder <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: CAN-2005-2700 X-PGP-Key: http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x730A28A5 X-PGP-Fingerprint: 7C19 D069 9ED5 DC2E 1B10 9859 C027 8D5B 730A 28A5 X-Debbugs-CC: Juergen Kreileder <[EMAIL PROTECTED]> Date: Thu, 08 Sep 2005 13:55:56 +0200 Message-ID: <[EMAIL PROTECTED]> Organization: Blackdown Java-Linux Team Lines: 21 User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Version: 2.0.54-4 Severity: critical Tags: security, fixed-upstream See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700 , | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using | "SSLVerifyClient optional" in the global virtual host configuration, | does not properly enforce "SSLVerifyClient require" in a per-location | context, which allows remote attackers to bypass intended access | restrictions. ` Juergen -- Juergen Kreileder, Blackdown Java-Linux Team http://blog.blackdown.de/ --- Received: (at 327210-done) by bugs.debian.org; 9 Sep 2005 00:11:03 + >From [EMAIL PROTECTED] Thu Sep 08 17:11:03 2005 Return-path: <[EMAIL PROTECTED]> Received: from loki.0c3.net [69.0.240.48] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EDWTv-0008HJ-00; Thu, 08 Sep 2005 17:11:03 -0700 Received: from [203.49.196.168] (helo=[10.0.0.4]) by loki.0c3.net with esmtp (Exim 4.34) id 1EDWTN-0003xC-V1 for [EMAIL PROTECTED]; Thu, 08 Sep 2005 18:10:30 -0600 Message-ID: <[EMAIL PROTECTED]> Date: Fri, 09 Sep 2005 10:10:22 +1000 From: Adam Conrad <[EMAIL PROTECTED]> User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050831) X-Accept-Language: en-us, en MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: Closing this bug. X-Enigmail-Version: 0.92.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no version=2.60-bugs.debian.org_2005_01_02 The update has been released, as 2.0.54-5, so closing this bug. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processed: severity of 327269 is grave
Processing commands for [EMAIL PROTECTED]: > # Automatically generated email from bts, devscripts version 2.9.4 > # regression, but certainly doesn't break the whole system > severity 327269 grave Bug#327269: apache2 security update breaks ssl+svn Severity set to `grave'. > End of message, stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327269: apache2 security update breaks ssl+svn
Package: apache2 Version: 2.0.54-5 Severity: critical After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken: subversion client (e.g. checkout): svn: PROPFIND request failed on '/svn/test' svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3 alert unexpected message (https://www.opensc.org) apache error log: [Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not accepted by client!? downgrade to 2.0.54-4 and everything is fine again. debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386, apache2 on 80 and 443, ssl with self signed certificate, accepting a list of self signed certificates, svn repository needs those for write access only. more configuration and any detail you need available on request. Regards, Andreas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#320048: marked as done (SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268))
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#320063: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 17:11:21 + >From [EMAIL PROTECTED] Tue Jul 26 10:11:21 2005 Return-path: <[EMAIL PROTECTED]> Received: from mail.incase.de [85.10.192.47] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxSxd-0007O9-00; Tue, 26 Jul 2005 10:11:21 -0700 Received: from localhost (localhost [127.0.0.1]) by mail1_1.incase.de (Postfix) with ESMTP id 0C19B251B18 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:46 +0200 (CEST) Received: from mail.incase.de ([127.0.0.1]) by localhost (mail1.incase.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28020-01 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: from mail2.incase.de (mail.incase.de [85.10.192.47]) by mail.incase.de (Postfix) with SMTP id B17F6251B17 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: by mail2.incase.de (sSMTP sendmail emulation); Tue, 26 Jul 2005 19:10:44 +0200 Content-Type: multipart/mixed; boundary="===1719839988==" MIME-Version: 1.0 From: Sven Mueller <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: security: Buffer overflow in ssl_engine_kernel.c X-Mailer: reportbug 3.8 Date: Tue, 26 Jul 2005 19:10:44 +0200 Message-Id: <[EMAIL PROTECTED]> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at incase.de X-Spam-Bayes: Score: 0. Tokensummary: Tokens: new, 47; hammy, 98; neutral, 61; spammy, 0. Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 This is a multi-part MIME message sent by reportbug. --===1719839988== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: apache2 Version: 2.0.54-4 Severity: grave Tags: security, patch Justification: possible DoS There is a buffer overflow (off-by-one in buffer size checks) in ssl_engine_kernel.c which could be exploited to DoS the server. Upstream bug report at http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 Upstream patch at http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781&view=diff&r1=179781&r2=179780&p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c&p2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (SVN revision 179781) patch which can be dropped into the Debian package as 043_fix_buffer_overflow_in_ssl_engine_kernel is attached -- System Information: Debian Release: 3.1 APT prefers stable Architecture: i386 (i686) Kernel: Linux 2.6.11.12-incase Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.0.54-4 traditional model for Apache2 -- no debconf information --===1719839988== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="043_fix_buffer_overflow_in_ssl_engine_kernel" diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout --- build-tree.orig/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:43:35 179780 +++ build-tree/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:54:53 179781 @@ -1408,7 +1408,7 @@ BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); -n = BIO_read(bio, buff, sizeof(buff)); +n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio); --===1719839988==-- --- Received: (at 320063-close) by bugs.debian.org; 8 Sep 2005 18:22:55 + >From [EMAIL PROTECTED] Thu Sep 08 11:22:55 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065g-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]>
Bug#320063: marked as done (Security: buffer-overrun in apache2-ssl)
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#320048: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 18:45:58 + >From [EMAIL PROTECTED] Tue Jul 26 11:45:58 2005 Return-path: <[EMAIL PROTECTED]> Received: from svr.bitshelter.net (mx0.bitshelter.net) [85.10.193.115] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxURC-0002H7-00; Tue, 26 Jul 2005 11:45:58 -0700 Received: from localhost (localhost [127.0.0.1]) by mx0.bitshelter.net (Postfix) with ESMTP id 2AC873FFEC for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:54 +0200 (CEST) Received: from mx0.bitshelter.net ([127.0.0.1]) by localhost (svr.bitshelter.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29705-01-2 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) Received: from nz (J1afb.j.pppool.de [85.74.26.251]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mx0.bitshelter.net (Postfix) with ESMTP id 6A0BD3FF4A for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Security: buffer-overrun in apache2-ssl Date: Tue, 26 Jul 2005 20:45:35 +0200 User-Agent: KMail/1.8.1 X-Fingerprint: BBF9 60C6 892A A542 0006 B208 63F8 974C 8DC6 9FB4 X-PGP: 8DC69FB4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Version: 2.0.54-4 Severity:critical Tags: security, fixed-upstream There is a possible remote-exploitable buffer overrun in the Apache2 ssl implementation. A patch is available. See http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 and http://svn.apache.org/viewcvs?rev=189562&view=rev --- Received: (at 320048-close) by bugs.debian.org; 8 Sep 2005 18:21:33 + >From [EMAIL PROTECTED] Thu Sep 08 11:21:33 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065e-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#320048: fixed in apache2 2.0.54-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Thu, 08 Sep 2005 11:17:06 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 2 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/
Bug#320048: marked as done (SECURITY: buffer-overrun in apache2-ssl (CAN-2005-1268))
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#320048: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 17:11:21 + >From [EMAIL PROTECTED] Tue Jul 26 10:11:21 2005 Return-path: <[EMAIL PROTECTED]> Received: from mail.incase.de [85.10.192.47] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxSxd-0007O9-00; Tue, 26 Jul 2005 10:11:21 -0700 Received: from localhost (localhost [127.0.0.1]) by mail1_1.incase.de (Postfix) with ESMTP id 0C19B251B18 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:46 +0200 (CEST) Received: from mail.incase.de ([127.0.0.1]) by localhost (mail1.incase.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 28020-01 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: from mail2.incase.de (mail.incase.de [85.10.192.47]) by mail.incase.de (Postfix) with SMTP id B17F6251B17 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 19:10:44 +0200 (CEST) Received: by mail2.incase.de (sSMTP sendmail emulation); Tue, 26 Jul 2005 19:10:44 +0200 Content-Type: multipart/mixed; boundary="===1719839988==" MIME-Version: 1.0 From: Sven Mueller <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: security: Buffer overflow in ssl_engine_kernel.c X-Mailer: reportbug 3.8 Date: Tue, 26 Jul 2005 19:10:44 +0200 Message-Id: <[EMAIL PROTECTED]> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at incase.de X-Spam-Bayes: Score: 0. Tokensummary: Tokens: new, 47; hammy, 98; neutral, 61; spammy, 0. Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 This is a multi-part MIME message sent by reportbug. --===1719839988== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: apache2 Version: 2.0.54-4 Severity: grave Tags: security, patch Justification: possible DoS There is a buffer overflow (off-by-one in buffer size checks) in ssl_engine_kernel.c which could be exploited to DoS the server. Upstream bug report at http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 Upstream patch at http://svn.apache.org/viewcvs.cgi/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=179781&view=diff&r1=179781&r2=179780&p1=httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c&p2=/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (SVN revision 179781) patch which can be dropped into the Debian package as 043_fix_buffer_overflow_in_ssl_engine_kernel is attached -- System Information: Debian Release: 3.1 APT prefers stable Architecture: i386 (i686) Kernel: Linux 2.6.11.12-incase Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.0.54-4 traditional model for Apache2 -- no debconf information --===1719839988== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="043_fix_buffer_overflow_in_ssl_engine_kernel" diff -ruN -x Makefile.in -x configure -x '*~' -x build-tree.orig -x '*.rej' build-tree.orig/apache2/config.layout build-tree/apache2/config.layout --- build-tree.orig/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:43:35 179780 +++ build-tree/apache2/modules/ssl/ssl_engine_kernel.c 2005/06/03 12:54:53 179781 @@ -1408,7 +1408,7 @@ BIO_printf(bio, ", nextUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl)); -n = BIO_read(bio, buff, sizeof(buff)); +n = BIO_read(bio, buff, sizeof(buff) - 1); buff[n] = '\0'; BIO_free(bio); --===1719839988==-- --- Received: (at 320048-close) by bugs.debian.org; 8 Sep 2005 18:21:33 + >From [EMAIL PROTECTED] Thu Sep 08 11:21:33 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065e-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]>
Bug#316173: marked as done (SECURITY: HTTP proxy responses with both Transfer-Encoding and Content-Length headers (CAN-2005-2088))
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#316173: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 + >From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005 Return-path: <[EMAIL PROTECTED]> Received: from inutil.org (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700 Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1DnOo7-0006DV-N0 for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.51) id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers X-Mailer: reportbug 3.15 Date: Wed, 29 Jun 2005 00:49:31 +0200 X-Debbugs-Cc: [EMAIL PROTECTED] Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.82.137.197 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: apache2 Severity: grave Tags: security Justification: user security hole Latest 2.1.6-alpha fixes a security in the proxy HTTP code: | The 2.1.6-alpha release addresses a security vulnerability present | in all previous 2.x versions. This fault did not affect Apache 1.3.x | (which did not proxy keepalives or chunked transfer encoding); |Proxy HTTP: If a response contains both Transfer-Encoding |and a Content-Length, remove the Content-Length to eliminate |an HTTP Request Smuggling vulnerability and don't reuse the |connection, stopping some HTTP Request Spoofing attacks. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 316173-close) by bugs.debian.org; 8 Sep 2005 18:21:34 + >From [EMAIL PROTECTED] Thu Sep 08 11:21:33 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065c-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#316173: fixed in apache2 2.0.54-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Thu, 08 Sep 2005 11:17:06 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apach
Bug#320063: marked as done (Security: buffer-overrun in apache2-ssl)
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#320063: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 26 Jul 2005 18:45:58 + >From [EMAIL PROTECTED] Tue Jul 26 11:45:58 2005 Return-path: <[EMAIL PROTECTED]> Received: from svr.bitshelter.net (mx0.bitshelter.net) [85.10.193.115] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1DxURC-0002H7-00; Tue, 26 Jul 2005 11:45:58 -0700 Received: from localhost (localhost [127.0.0.1]) by mx0.bitshelter.net (Postfix) with ESMTP id 2AC873FFEC for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:54 +0200 (CEST) Received: from mx0.bitshelter.net ([127.0.0.1]) by localhost (svr.bitshelter.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 29705-01-2 for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) Received: from nz (J1afb.j.pppool.de [85.74.26.251]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mx0.bitshelter.net (Postfix) with ESMTP id 6A0BD3FF4A for <[EMAIL PROTECTED]>; Tue, 26 Jul 2005 20:45:39 +0200 (CEST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Security: buffer-overrun in apache2-ssl Date: Tue, 26 Jul 2005 20:45:35 +0200 User-Agent: KMail/1.8.1 X-Fingerprint: BBF9 60C6 892A A542 0006 B208 63F8 974C 8DC6 9FB4 X-PGP: 8DC69FB4 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE, NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Version: 2.0.54-4 Severity:critical Tags: security, fixed-upstream There is a possible remote-exploitable buffer overrun in the Apache2 ssl implementation. A patch is available. See http://issues.apache.org/bugzilla/show_bug.cgi?id=35081 and http://svn.apache.org/viewcvs?rev=189562&view=rev --- Received: (at 320063-close) by bugs.debian.org; 8 Sep 2005 18:22:55 + >From [EMAIL PROTECTED] Thu Sep 08 11:22:55 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065g-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#320063: fixed in apache2 2.0.54-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Thu, 08 Sep 2005 11:17:06 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 3 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/
Bug#326435: marked as done (CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter)
Your message dated Thu, 08 Sep 2005 11:17:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#326435: fixed in apache2 2.0.54-5 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 3 Sep 2005 09:52:21 + >From [EMAIL PROTECTED] Sat Sep 03 02:52:21 2005 Return-path: <[EMAIL PROTECTED]> Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] by spohr.debian.org with esmtp (Exim 3.36 1 (Debian)) id 1EBUhA-000690-00; Sat, 03 Sep 2005 02:52:21 -0700 Received: from dsl-082-082-147-113.arcor-ip.net ([82.82.147.113] helo=localhost.localdomain) by vserver151.vserver151.serverflex.de with esmtpsa (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.50) id 1EBUh5-0007MF-M0 for [EMAIL PROTECTED]; Sat, 03 Sep 2005 11:52:15 +0200 Received: from jmm by localhost.localdomain with local (Exim 4.52) id 1EBUhm-0001WK-DA; Sat, 03 Sep 2005 11:52:58 +0200 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Moritz Muehlenhoff <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter X-Mailer: reportbug 3.17 Date: Sat, 03 Sep 2005 11:52:58 +0200 X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> X-SA-Exim-Connect-IP: 82.82.147.113 X-SA-Exim-Mail-From: [EMAIL PROTECTED] X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond expanded to false Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE, X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02 Package: apache2 Severity: important Tags: security CAN-2005-2728 describes a DoS vulnerability through overly long values in the Range field. Please see http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 for a more complete description and a patch. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) --- Received: (at 326435-close) by bugs.debian.org; 8 Sep 2005 18:22:56 + >From [EMAIL PROTECTED] Thu Sep 08 11:22:56 2005 Return-path: <[EMAIL PROTECTED]> Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian)) id 1EDQxO-00065m-00; Thu, 08 Sep 2005 11:17:06 -0700 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.56 $ Subject: Bug#326435: fixed in apache2 2.0.54-5 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Thu, 08 Sep 2005 11:17:06 -0700 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Level: X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-CrossAssassin-Score: 4 Source: apache2 Source-Version: 2.0.54-5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/a
apache2_2.0.54-5_i386.changes ACCEPTED
Mapping stable-security to proposed-updates. Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: Propogating upload to unstable Warning: Propogating upload to unstable Warning: Propogating upload to testing-proposed-updates Warning: ignoring apache2_2.0.54.orig.tar.gz, since it's already in the archive. Accepted: apache2-common_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb apache2-doc_2.0.54-5_all.deb to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb apache2-mpm-perchild_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb apache2-mpm-threadpool_2.0.54-5_all.deb to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb apache2-mpm-worker_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb apache2_2.0.54-5.diff.gz to pool/main/a/apache2/apache2_2.0.54-5.diff.gz apache2_2.0.54-5.dsc to pool/main/a/apache2/apache2_2.0.54-5.dsc apache2_2.0.54-5_i386.deb to pool/main/a/apache2/apache2_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb Announcing to debian-devel-changes@lists.debian.org Announcing to [EMAIL PROTECTED] Announcing to debian-changes@lists.debian.org Closing bugs: 316173 320048 320063 326435 Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Processing of apache2_2.0.54-5_i386.changes
apache2_2.0.54-5_i386.changes uploaded successfully to localhost along with the files: apache2_2.0.54-5.dsc apache2_2.0.54.orig.tar.gz apache2_2.0.54-5.diff.gz apache2-mpm-threadpool_2.0.54-5_all.deb apache2-doc_2.0.54-5_all.deb apache2-common_2.0.54-5_i386.deb apache2-utils_2.0.54-5_i386.deb apache2-mpm-worker_2.0.54-5_i386.deb apache2-mpm-perchild_2.0.54-5_i386.deb apache2-mpm-prefork_2.0.54-5_i386.deb apache2-prefork-dev_2.0.54-5_i386.deb apache2-threaded-dev_2.0.54-5_i386.deb libapr0_2.0.54-5_i386.deb libapr0-dev_2.0.54-5_i386.deb apache2_2.0.54-5_i386.deb Greetings, Your Debian queue daemon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327235: Client hangs when connecting to Apache server
Package: apache Version: 1.3.26-0woody6 Weird one this. I realise Woody is no longer stable, we plan an upgrade, however this bug is biting us. A form submission to a Apache will hang it on the sixth submission. To reproduce, take some html such as: save in a .php script, and load the page. Click the submit button six times. On the sixth time, your connection will hang. Same for perl. Save as a .pl script, wrap it in some print statements, add a header, and voila - breakage on the sixth click. I can reproduce this on three servers.
Bug#327210: apache2: CAN-2005-2700
Juergen Kreileder wrote: > Package: apache2 > Version: 2.0.54-4 > Severity: critical > Tags: security, fixed-upstream > > See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700 An update is already in the works for this. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327210: apache2: CAN-2005-2700
Package: apache2 Version: 2.0.54-4 Severity: critical Tags: security, fixed-upstream See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700 , | ssl_engine_kernel.c in mod_ssl before 2.8.24, when using | "SSLVerifyClient optional" in the global virtual host configuration, | does not properly enforce "SSLVerifyClient require" in a per-location | context, which allows remote attackers to bypass intended access | restrictions. ` Juergen -- Juergen Kreileder, Blackdown Java-Linux Team http://blog.blackdown.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#327193: mod_autoindex overrides the viewer's browser default colors
Package: apache-common Version: 1.3.33-6 Severity: minor File: mod_autoindex.so mod_autoindex overrides the viewer's browser default colors, by including bgcolor="#ff" text="#00" without being asked do to so. This is caused by the modifications hard-coded in the source file apache-1.3.33/debian/patches/030_autoindex_studly where it changes the original autoindex from the Apache Foundation. The colors of the pages, including autoindex, should be the user's preferred, or the webmaster's defined. I don't think Debian should enforce its preferred colors to everyone. Please leave the reader's default colors in autoindex, by removing these bgcolor and text tags. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.27-2-386 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages apache-common depends on: ii apache2-utils 2.0.54-4 utility programs for webservers ii debconf 1.4.30.13Debian configuration management sy ii epiphany-browser [www-b 1.4.8-3 Intuitive GNOME web browser ii konqueror [www-browser] 4:3.3.2-1KDE's advanced File Manager, Web B ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libdb4.24.2.52-18Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.8-3 XML parsing C library - runtime li ii links [www-browser] 0.99+1.00pre12-1 Character mode WWW browser ii lynx [www-browser] 2.8.5-2 Text-mode WWW Browser ii mime-support3.28-1 MIME files 'mime.types' & 'mailcap ii mozilla-browser [www-br 2:1.7.8-1sarge1 The Mozilla Internet application s ii mozilla-firefox [www-br 1.0.4-2sarge2lightweight web browser based on M ii perl5.8.4-8 Larry Wall's Practical Extraction ii sed 4.1.2-8 The GNU sed stream editor ii ucf 1.17 Update Configuration File: preserv ii w3m [www-browser] 0.5.1-3 WWW browsable pager with excellent -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
