what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 160-2

Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6

Ubuntu Security Notice 160-2

Change Mirror Download

--W5WqUoFLvi1M7tJE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-160-2 September 07, 2005
apache vulnerability
CAN-2005-2088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache
apache-perl
apache-ssl

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.8 (for Ubuntu 4.10), or 1.3.33-4ubuntu1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old
Apache 1 server was also vulnerable to one of the vulnerabilities
(CAN-2005-2088). Please note that Apache 1 is not officially supported
in Ubuntu (it is in the "universe" component of the archive).

For reference, this is the relevant part of the original advisory:

Watchfire discovered that Apache insufficiently verified the
"Transfer-Encoding" and "Content-Length" headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088)


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.diff.gz
Size/MD5: 372493 c5001a1196912f3edfc785b5e2a5ebbc
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubuntu0.8.dsc
Size/MD5: 1102 c0f99d722fd5092be8c6cc800bc98020
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig.tar.gz
Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-6ubuntu0.8_all.deb
Size/MD5: 329846 42899fed4f93fc9aa98743ca8d6bbea1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.31-6ubuntu0.8_all.deb
Size/MD5: 1186908 e1bf21edf1a8dd848d6fff0ed9c15319

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 873716 c70369c55517959829b6596efa3ac295
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 9131484 42174cf7f3b4054f1586e6ac0328180e
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 520854 389333cfe500df5fa2ddbb05acd39268
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 510938 856eb92f93f481c054b473699507b9e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 271648 1a4f48aa2a3218d148e11a8e83134326
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_amd64.deb
Size/MD5: 398398 9af432f952f18349223abdc14efbe5af
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_amd64.deb
Size/MD5: 491788 f5b1f7a21c419a2db9b8f8ecc8b00ada

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 838714 e50241ee55e408f5be6ee0ca528191f4
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 9080744 0ddc1d368aceb07f7046d80d77e160b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 494480 d0f38faf557c5606da32377bf860bc2d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 484248 932390c88b13b14a2d39ae85d4eb2c2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 265448 5349d926e161a16b3416f273591454ef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_i386.deb
Size/MD5: 377652 ccf175352ec693f8dcde9ee0b9005fbe
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_i386.deb
Size/MD5: 485142 09118f966d87a9ed22a00f8d641fae48

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 917796 42513834c278d8313e8ca1496a13a88b
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 9226168 03fe292aac21254f752010e827ef82b7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 511502 4982e1ffb129cca49974208619502834
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 507376 30d6000a4eebf427f18f9963d9bc94da
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 278778 36a97646fdb52d9ef8ea93691aad2ab2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-6ubuntu0.8_powerpc.deb
Size/MD5: 395824 7c4e799a6d4254614819de0a447bf4db
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.2.0-6ubuntu0.8_powerpc.deb
Size/MD5: 489118 ee494dbef77278e641ab54a4154de599

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.diff.gz
Size/MD5: 364482 4fa62ef8a41a30d49f41f3248b0671d0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1.dsc
Size/MD5: 1121 cd89b81f9fc67b4d25cdc8b482e14bf8
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33.orig.tar.gz
Size/MD5: 3105683 1a34f13302878a8713a2ac760d9b6da8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dev_1.3.33-4ubuntu1_all.deb
Size/MD5: 331086 5dbb29add5c15b72a1901b653d22affd
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3.33-4ubuntu1_all.deb
Size/MD5: 1189152 f55d0f105549e660ff785b4f983df80d
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-utils_1.3.33-4ubuntu1_all.deb
Size/MD5: 211854 84bd3cb878b4c8125fc17b42497db935

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 875046 c6bdfa39ba3a12c70b82824b955cb6ed
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 9163882 d0e9ec7f9d9a49a431f5fd97f93f6b87
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 522170 c54f45b7938d50f70a966aad92a673a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 512346 8a0bf2edac677b390b9f8c9b43c38c79
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_amd64.deb
Size/MD5: 399826 cde2880823c45ae1a57f3bd748d298b3
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_amd64.deb
Size/MD5: 492232 27674bfd322d2832e750d416d0159289

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_i386.deb
Size/MD5: 839554 6b29480273d1006da2515b2e0573e9d2
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_i386.deb
Size/MD5: 9104572 b9d31e4995d51b303e99cf0268ca0f76
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_i386.deb
Size/MD5: 495148 45ab419a9a5bc9d722f05b61d0e85628
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_i386.deb
Size/MD5: 485346 20658ea1db74678ebb640fcabaa95359
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_i386.deb
Size/MD5: 378756 b6eb23b11d150e41ad0520595963dc12
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_i386.deb
Size/MD5: 485640 e9665bcc49dba12bb88d0dbbc91dc2ca

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-common_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 919468 1acb3a95dc392908764366eb7a9cf837
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 9253540 b79b964d8b328168a5e84141369591b6
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 513098 e3731ecc291e9f4a1b33909991973a5a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 508990 f93f9393257bfeb010757eca85067f77
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.33-4ubuntu1_powerpc.deb
Size/MD5: 397092 ec577980cf93a5de6f8ec7e5db0316a9
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-perl_1.29.0.3-4ubuntu1_powerpc.deb
Size/MD5: 490332 6a06c0a6a65c34b48e99e5d666b35500

--W5WqUoFLvi1M7tJE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDHpvFDecnbV4Fd/IRApNsAKCnpHBcHzuG0Jpt2EgyDhC/PK+prgCeMBdG
jbdcQxXQyn0xNOoppIwIHMc=
=e5oW
-----END PGP SIGNATURE-----

--W5WqUoFLvi1M7tJE--
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close