Secunia Security Advisory - Debian has issued an update for mod-auth-shadow. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
a8c72c2aba4bda741d143d7ea72b02e3518f96177c7afcc8a08a5e7f720f7cc8
TITLE:
Debian update for mod-auth-shadow
SECUNIA ADVISORY ID:
SA17067
VERIFY ADVISORY:
http://secunia.com/advisories/17067/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From remote
OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux 3.0
http://secunia.com/product/143/
DESCRIPTION:
Debian has issued an update for mod-auth-shadow. This fixes a
security issue, which potentially can be exploited by malicious
people to bypass certain security restrictions.
For more information:
SA17060
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 3.0 alias woody --
Source archives:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.dsc
Size/MD5 checksum: 628 78a6276d158c96247f87c2a82ad337c9
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.diff.gz
Size/MD5 checksum: 5818 e57059b3d026f4490e83ef48e7c64551
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3.orig.tar.gz
Size/MD5 checksum: 7476 3ad4432193ac603049ad0f2fa94f2054
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_alpha.deb
Size/MD5 checksum: 12204 4f659abcf88fe710a35c09a24f6294d4
ARM architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_arm.deb
Size/MD5 checksum: 11306 ed1b93be804e3233000e7bc9951ee836
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_i386.deb
Size/MD5 checksum: 11334 a384bb22d08d3d8ad2ee76803517866f
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_ia64.deb
Size/MD5 checksum: 13488 63798f86c1cd944d5f635890b1ae7edb
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_hppa.deb
Size/MD5 checksum: 12048 cea187ef3898639b248c9b6f8b36e7a0
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_m68k.deb
Size/MD5 checksum: 11302 8887098ee92b1be61470b8a00ac72df9
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mips.deb
Size/MD5 checksum: 11466 9846f15f1c98a3cbb01b12d8e8563d93
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mipsel.deb
Size/MD5 checksum: 11458 d2ae47a2320ef6a8b45aa2354c9eebe9
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_powerpc.deb
Size/MD5 checksum: 11372 1ce0c98e16ea699726c0e45b98de5ec6
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_s390.deb
Size/MD5 checksum: 11516 e92c004036842d0f6f79b0e5d9f64455
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_sparc.deb
Size/MD5 checksum: 14484 524248ef32be0bffef4dcc147eece09b
-- Debian GNU/Linux 3.1 alias sarge --
Source archives:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.dsc
Size/MD5 checksum: 618 8a413e53ca39d904d95dccd1b0705693
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.diff.gz
Size/MD5 checksum: 5816 4b010699db55a2c3446e71cc4af6e167
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4.orig.tar.gz
Size/MD5 checksum: 7982 7da6ea1d72640c334fefab4e078eadd4
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_alpha.deb
Size/MD5 checksum: 13462 9a035f44ccbfec2ddedeb97ba25de685
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_amd64.deb
Size/MD5 checksum: 12978 ffdd9eab120efbd6ad58befb069ead8d
ARM architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_arm.deb
Size/MD5 checksum: 12332 20edffd17e6cfed8bf60d50f0cf918da
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_i386.deb
Size/MD5 checksum: 12426 7e27802cc15e0478e06f00cff72c4133
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_ia64.deb
Size/MD5 checksum: 14444 b1a34f75958df70ee4566445ceb80a26
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_hppa.deb
Size/MD5 checksum: 13602 448068ac275fe81e7ba0d997b8bc3566
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_m68k.deb
Size/MD5 checksum: 12258 ae4ef5bdca2baaeb0067cf908e57ac09
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mips.deb
Size/MD5 checksum: 13238 e0a0f68fb3a164bc80607ba974a05f3d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mipsel.deb
Size/MD5 checksum: 13248 24218030e050490cbe0578474ec46403
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_powerpc.deb
Size/MD5 checksum: 14120 85d7a92000946e11db7ae213960c4927
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_s390.deb
Size/MD5 checksum: 12964 46951fcacb6c99c779e31c7aa21d8bf3
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_sparc.deb
Size/MD5 checksum: 12300 e05d59189d387427c9017180631aeba4
-- Debian GNU/Linux unstable alias sid --
Fixed in version 1.4-2.
ORIGINAL ADVISORY:
http://www.debian.org/security/2005/dsa-844
OTHER REFERENCES:
SA17060:
http://secunia.com/advisories/17060/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------