This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.4 --------------- apache2 (2.2.8-1ubuntu0.4) hardy-security; urgency=low
[ Emanuele Gentili ] * SECURITY UPDATE: + debian/patches/201_security_CVE-2008-2364.dpatch (LP: #239894) - The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. + References - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2364 [ Marc Deslauriers ] * SECURITY UPDATE: Cross-site request forgery (CSRF) in balancer-manager in mod_proxy_balancer - debian/patches/200_security_CVE-2007-6420.dpatch: generate and validate a nonce in modules/proxy/mod_proxy_balancer.c. - CVE-2007-6420 * SECURITY UPDATE: Denial of service via large number of interim responses in mod_proxy module (LP: #239894) - debian/patches/201_security_CVE-2008-2364.dpatch: updated patch to newer version. - CVE-2008-2364 * SECURITY UPDATE: Cross-site scripting (XSS) vulnerability in the mod_proxy_ftp module - debian/patches/202_security_CVE-2008-2939.dpatch: escape the html contained in the wildcard value in modules/proxy/mod_proxy_ftp.c. - CVE-2008-2939 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 05 Mar 2009 17:20:17 -0500 -- CVE-2008-2364 Apache2 mod_proxy_http.c DOS https://bugs.launchpad.net/bugs/239894 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs