Ubuntu alert USN-239-1 (libapache2-mod-auth-pgsql)
| From: | Martin Pitt <martin.pitt@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-239-1] libapache2-mod-auth-pgsql vulnerability | |
| Date: | Mon, 9 Jan 2006 09:16:34 +0100 | |
| Cc: | full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com |
=========================================================== Ubuntu Security Notice USN-239-1 January 09, 2006 libapache2-mod-auth-pgsql vulnerability CVE-2005-3656 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libapache2-mod-auth-pgsql The problem can be corrected by upgrading the affected package to version 2.0.2b1-2ubuntu0.1 (for Ubuntu 4.10), 2.0.2b1-5ubuntu0.1 (for Ubuntu 5.04), or 2.0.2b1-6ubuntu0.1 (for Ubuntu 5.10). After a standard system upgrade you need to restart the Apache 2 server to effect the necessary changes: sudo /etc/init.d/apache2 restart Details follow: Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache (user 'www-data'). Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 3333 92b6b02989c62a28214e6691ff09bb50 http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 709 d4c469c2bc7fe0735ba9f59a504ff554 http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 19802 b1e6729a94175772ee2cac63ea2da13d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 18974 178de9440075d3694ed1f4af72773daa powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 20368 e872d0f306e7906b9d4205b9e24eff8e Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 5078 c95a57458bc15935390275860fc65894 http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 724 d32ade3227241ac2b26d70f755d0bdfe http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 20104 4c7840fa3e2c912f926e025be838b011 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 19270 e07b1d6409abe38dc4fa3f67701846e1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 20738 b6feefa3f30174ae9368af78eed30b6f Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 5173 33ce214fcaa05c8bde42809d9407368b http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 708 ded1588c8d8cf28128cde3d71f567201 http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 20348 68f6cfd60cbf7e6f2cad792bfaf5177a i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 19092 52712f3b790ea61ef60aa8734d55baac powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/liba/libapach... Size/MD5: 21122 69d5ec8ec12d43c03dead9fee1135bab -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...