Ubuntu alert USN-499-1 (apache2)
===========================================================
Ubuntu Security Notice USN-499-1            August 16, 2007
apache2 vulnerabilities
CVE-2006-5752, CVE-2007-1863, CVE-2007-3304
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apache2-common          2.0.55-4ubuntu2.2
  apache2-mpm-prefork     2.0.55-4ubuntu2.2
  apache2-mpm-worker      2.0.55-4ubuntu2.2

Ubuntu 6.10:
  apache2-common          2.0.55-4ubuntu4.1
  apache2-mpm-prefork     2.0.55-4ubuntu4.1
  apache2-mpm-worker      2.0.55-4ubuntu4.1

Ubuntu 7.04:
  apache2-mpm-prefork     2.2.3-3.2ubuntu0.1
  apache2-mpm-worker      2.2.3-3.2ubuntu0.1
  apache2.2-common        2.2.3-3.2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Esser discovered that mod_status did not force a character set,
which could result in browsers becoming vulnerable to XSS attacks when
processing the output. If a user were tricked into viewing server
status output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such
as passwords), within the same domain. By default, mod_status is
disabled in Ubuntu. (CVE-2006-5752)

Niklas Edmundsson discovered that the mod_cache module could be made to
crash using a specially crafted request. A remote user could use this
to cause a denial of service if Apache was configured to use a threaded
worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)

A flaw was discovered in the signal handling of Apache. A local
attacker could trick Apache into sending SIGUSR1 to other processes.
The vulnerable code was only present in Ubuntu Feisty.
(CVE-2007-3304)

Updated packages for Ubuntu 6.06 LTS, Ubuntu 6.10 and Ubuntu 7.04 are published under http://security.ubuntu.com/ubuntu/pool/main/a/apache2/ (source archives, architecture independent packages, and amd64, i386, powerpc and sparc builds).
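
Added example (not part of the Ubuntu notice): a Python check that compares installed package versions against the fixed versions listed in the advisory, using the Debian version ordering rules. The `dpkg-query -W` sample is constructed; on a real host `dpkg --compare-versions` performs the same comparison.

```python
import re

# Fixed versions from the advisory's package list, keyed by Ubuntu release.
_OLD = ("apache2-common", "apache2-mpm-prefork", "apache2-mpm-worker")
FIXED = {
    "6.06": dict.fromkeys(_OLD, "2.0.55-4ubuntu2.2"),
    "6.10": dict.fromkeys(_OLD, "2.0.55-4ubuntu4.1"),
    "7.04": dict.fromkeys(("apache2.2-common",) + _OLD[1:], "2.2.3-3.2ubuntu0.1"),
}

def _order(c):  # '~' < end of string (0) < letters < other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # Alternate non-digit and digit runs until both strings are consumed.
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a, re.S).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b, re.S).groups()
        for i in range(max(len(na), len(nb))):
            ca = _order(na[i]) if i < len(na) else 0
            cb = _order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(release, dpkg_output):
    """Map package -> installed version for packages older than the fixed version."""
    stale = {}
    for line in dpkg_output.splitlines():
        pkg, _, ver = line.partition("\t")
        fixed = FIXED[release].get(pkg)
        if fixed and ver and compare(ver, fixed) < 0:
            stale[pkg] = ver
    return stale

# Constructed sample of `dpkg-query -W` output (package<TAB>version) on Ubuntu 7.04.
SAMPLE = "apache2-mpm-prefork\t2.2.3-3.2build1\napache2.2-common\t2.2.3-3.2ubuntu0.1\nlibapr1\t1.2.7-8\n"
print(unpatched("7.04", SAMPLE))
```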
Copyright © 2008, Eklektix, Inc.