Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-23-1] apache2 vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 11 Nov 2004 22:56:14 +0100

===========================================================
Ubuntu Security Notice USN-23-1           November 11, 2004
apache2 vulnerability
CAN-2004-0942
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Chintan Trivedi discovered a Denial of Service vulnerability in
apache2. The field length limit was not enforced for certain malicious
requests. This could allow a remote attacker who is able to send large
amounts of data to a server to cause HTTP server instances to consume
proportional amounts of memory, which can render the service
unavailable.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.diff.gz
      Size/MD5:    97967 cf0c1c891580db78dcc5446a767ac000
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.dsc
      Size/MD5:     1151 0a7f762f4626fde4e303c1cc4d9ba78c
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
      Size/MD5:  6321209 9d0767f8a1344229569fcd8272156f8b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.1_all.deb
      Size/MD5:  3178054 82b91224019b7e1ebcb04ce6dab1839d
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.1_all.deb
      Size/MD5:   163482 755fa2140e2cbc1242c56525614555a2
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.1_all.deb
      Size/MD5:   164232 e79331594b1b564c3fa7d71ff01a3db7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   864366 b9d51742d0d08c0f1afd96ad2ae691da
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   230102 d0b900d7e94f54e102492328c58d1893
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   225242 fd5d08467e04612d7e0094502c9b6565
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   228684 c40e8b7c350bc15339404a906a7901a0
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   229262 1cfd8eb69f072c2cfd2b4c2cca68814b
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:    29710 cfcf4d17b8d836b58abdd6afc85913ec
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   275206 ccaea19446f99022bcd3d8c7006d861e
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_amd64.deb
      Size/MD5:   133148 0fa8b4ab41df7319e233ac142e08c938

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   825680 823bf43c10f5afb125458c02e06bd422
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   209084 f7114acd490b347bcc175f30b1d496da
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   205306 8815b7c99177c33edfa94ba5c0359416
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   207946 193b3f6c0710dc80b8acf08b951bc2f6
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   208388 7d11333a5ec1876f99030dd958c9a43f
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:    29706 af8f749040fca22310e315d310331ce1
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   253176 9c4587c217ba98d6b63b50d18f5a7ba6
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_i386.deb
      Size/MD5:   123872 5367a153ef8c66a4307b1250b3321d7f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   903480 12c41213108120eabb9cafd2ab97af79
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   222718 5054b3fc46baeea33ccb1c7677c49097
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   217722 79d6763364edccb0571a9918e9e7f595
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   220892 01df3447f3668931d3ee7f3a055d1b88
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   221500 62851f812cba3ee3df558cdcc3ab5d33
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:    29716 8148f425dac482351c32fbce31b37e8b
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   268974 71585a0eee76b026e0623f526da43fc0
    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_powerpc.deb
      Size/MD5:   130482 16e3a998f505e6a8dc0c8c48909c4886

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
  • [USN-23-1] apache2 vulnerability Martin Pitt (Nov 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]