LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Debian alert DSA-558-1 (libapache-mod-dav)



From:
    	      joey@infodrom.org (Martin Schulze)


To:
    	      debian-security-announce@lists.debian.org (Debian Security Announcements)


Subject:
    	      [SECURITY] [DSA 558-1] New libapache-mod-dav packages fix potential denial of service


Date:
    	      Wed, 6 Oct 2004 09:32:58 +0200 (CEST)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 558-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 6th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libapache-mod-dav
Vulnerability  : null pointer dereference
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0809

Julian Reschke reported a problem in mod_dav of Apache 2 in connection
with a NULL pointer dereference.  When running in a threaded model,
especially with Apache 2, a segmentation fault can take out a whole
process and hence create a denial of service for the whole server.

For the stable distribution (woody) this problem has been fixed in
version 1.0.3-3.1.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of
Apache 2.

We recommend that you upgrade your mod_dav packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:      645 5b405cd8fe0471edd793343ef8237b26
    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:     4523 94edc74f33414e93af4ca7fa849b3fb3
    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:   185284 ba83f2aa6e13b216a11d465b82aab484

  Alpha architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    96522 7e5d5d2184629de6be880eb0650d7fd1

  ARM architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    81860 fbe2d647e0037436d710ee857c947a52

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    80122 dfaab95268192557f711ab9fbd7f9f9b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:   116596 bb369037b3d2ee0110c15d0b085a410b

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    90406 fc707743732c491c29bfdb21d469736f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    80030 1b434a6598c06e23f3bb253867f59ae5

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    84944 a422f253d772ca1c2dae84bac0bb79ea

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    85094 4cf00ccacd87e2295af6618987950e13

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    84516 853b2929e7f371e79f153f6c57414a1f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    82424 7f092c974abfe792278c925bdd345775

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/liba/libapac...
      Size/MD5 checksum:    92438 77bdcf29501a581a1cb768af644c923b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBY5+qW5ql+IAeqTIRAsAfAJ9OCkuj0CiIUV/GxATw5IqYG014OgCgsO57
2tpvIRLP8zoqZDV47z9ssf8=
=vMyZ
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds