what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 160-1

Ubuntu Security Notice 160-1
Posted Aug 5, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-160-1 - Multiple vulnerabilities exist in Apache 2.x. Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. Watchfire discovered that Apache insufficiently verified the Transfer-Encoding and Content-Length headers when acting as an HTTP proxy.

tags | advisory, web, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-1268, CVE-2005-2088
SHA-256 | 610b03eb7c16047b642cbaee4904e8cd04c4a4a3db1da1f42f420be9fd66160c

Ubuntu Security Notice 160-1

Change Mirror Download

--6TrnltStXW4iwmi0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-160-1 August 04, 2005
apache2 vulnerabilities
CAN-2005-1268, CAN-2005-2088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.3 (for Ubuntu 4.10), or 2.0.53-5ubuntu5.2
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Marc Stern discovered a buffer overflow in the SSL module's
certificate revocation list (CRL) handler. If Apache is configured to
use a malicious CRL, this could possibly lead to a server crash or
arbitrary code execution with the privileges of the Apache web server.
(CAN-2005-1268)

Watchfire discovered that Apache insufficiently verified the
"Transfer-Encoding" and "Content-Length" headers when acting as an
HTTP proxy. By sending a specially crafted HTTP request, a remote
attacker who is authorized to use the proxy could exploit this to
bypass web application firewalls, poison the HTTP proxy cache, and
conduct cross-site scripting attacks against other proxy users.
(CAN-2005-2088)

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.3.diff.gz
Size/MD5: 99222 a380f023e1e5afc50b8b92ba5c6489b9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.3.dsc
Size/MD5: 1151 69c9462592c46b43a4ec8166aab6209a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.3_all.deb
Size/MD5: 3178388 566b8b373c0318b7d3f34692b30509ac
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.3_all.deb
Size/MD5: 163770 00c36a85687974f4eb90b5d8c13476e4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.3_all.deb
Size/MD5: 164524 6050010e24b4f5e4a9cb2cdd9686c6c0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 864704 574b8e5c64df9913c8b66ccd107c60f0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 230390 e38acb634e12c57ed669aa568cc67d06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 225610 a3bdfb1af745c6930136212c6fa33591
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 228988 94ff614ff1caa04fe845c8204c5bb91b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 229582 7b3a84aad84baaa7338ebff74f36d86c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 30006 3167fcb1062d529a724f5d4dbacb9a9c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 275506 bc6da6c57c8faf19d1f55108a4c2e98b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.3_amd64.deb
Size/MD5: 133452 e7b61a6aa6fec0146790b56ae41131d8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 826108 01ed4c55e535c4f8a8e9fa62b03d2d6f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 209418 f4daec8b0b1a16a9c1056ea80a18818d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 205626 7b4216e725476c616d15ba87b35ab3aa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 208278 49de9f647e784fae7883c24741ab7b63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 208698 092149b5d65d608ff023f74fad4419b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 30008 0629ba1a00d24318da20620f904adf53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 253472 f7fa9e49a15f97cc6f6b3487dad9f59b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.3_i386.deb
Size/MD5: 124174 e9a3bb0757ac735b5be257899dc7dccb

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 903886 c79d8200dafe755df9b4353a461431f8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 223044 668546270ebbb3fc0722bb4e9e15c551
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 218040 8a720021cb2ad66178fa7338c321d9b9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 221164 d79bb29298a9e3b404f75feac66a4f0e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 221810 065beb73cd4d89f58b2937eb8f40f2e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 30008 2df17775733e03d4b7a24f30db85abc0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 269302 d78bb039553b55d88fd7b0482b0fa45e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.3_powerpc.deb
Size/MD5: 130790 19af1dc64928adca136c3cd4a5d43368

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.2.diff.gz
Size/MD5: 106802 52ae05de8e2234de5379947bc97e6b6f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.2.dsc
Size/MD5: 1159 e21eb214e35d20449d52ea8e6c4a1256
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53.orig.tar.gz
Size/MD5: 6925351 40507bf19919334f07355eda2df017e5

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.53-5ubuntu5.2_all.deb
Size/MD5: 3578208 08bca5aab442a3483739f3b753f2b3a3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.53-5ubuntu5.2_all.deb
Size/MD5: 33806 47590c2159403038c34e51651b9b3ffe

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 826094 8b1404e64736660a2958992d3bc525f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 221110 e3aa00811f28469bfbb8ef22ecd145d2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 216690 00e809503238ca2e73c42fc52f3016db
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 220032 10d8a9fce44a4096d31ade012a28079e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 167464 6c91ab0c339f3a74535ed36172ada81c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 168258 c4afd1d5a85633e95c2fe835def03ad7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 92934 26ccc095b0f9c15224bd054f758109a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 33732 498cf774f6197fc10292365422739196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 279090 536b2c9b9fa300090d53b48e746a9378
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.2_amd64.deb
Size/MD5: 137596 5559d096c8cf747ce5d7f68e672c73eb

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 789008 09bbc361b3aaa028014a19d58f2186f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 201274 cc9c15af3dbbcc5213eeb49cdef69f31
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 197146 26bc333b69cc2a58b2fe41c610c41927
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 200568 6c1189649fb0a3a04205f2528b0e1b5a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 167466 66b4c17f7b92ce69dc983b79d8beafa7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 168248 624c88d5d611211be441e5179489f134
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 90654 ff649857f12acf7164b78665a3df1340
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 33734 dc48007f8db1e2d870da4c69cb056bcf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 257040 f38390e08a7f1fb35a3bab2fe0aa43e4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.2_i386.deb
Size/MD5: 128270 d5e2e3bd12723420a852eab1e606cb2f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 855412 fc8f89f45ed5fe9323228db12d5e6af4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 214298 abf499003a7cd1fb01908508375b9b0a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 209416 e67390ec75e08bd176093b44cd6a29e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 213410 56548f06302e1e30c72d1e14568ef042
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 167472 0137079f14ad6afbbeafbe9c222e3099
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 168252 f595e5e6a871ce89a52494db766be9ed
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 102328 eccac03681d081ed37f2393196714edb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 33744 b5c4d07b3e4a5b5945ad4670a52b818d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 272312 9ad600dd8a99577138bdc3d7081c490e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.2_powerpc.deb
Size/MD5: 134578 c0d2e7a4a29d9cf05cf99d3aa9b71621

--6TrnltStXW4iwmi0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC8ihpDecnbV4Fd/IRAnpLAJ9MPFT7NVASClcTcAysa4hRIgmM+wCfdmXf
FsYs27LyPO00zX/W1vJzmSg=
=JHPN
-----END PGP SIGNATURE-----

--6TrnltStXW4iwmi0--
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close