Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-239-1] libapache2-mod-auth-pgsql vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Mon, 9 Jan 2006 09:16:34 +0100

===========================================================
Ubuntu Security Notice USN-239-1           January 09, 2006
libapache2-mod-auth-pgsql vulnerability
CVE-2005-3656
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libapache2-mod-auth-pgsql

The problem can be corrected by upgrading the affected package to
version 2.0.2b1-2ubuntu0.1 (for Ubuntu 4.10), 2.0.2b1-5ubuntu0.1 (for
Ubuntu 5.04), or 2.0.2b1-6ubuntu0.1 (for Ubuntu 5.10).  After a
standard system upgrade you need to restart the Apache 2 server to
effect the necessary changes:

  sudo /etc/init.d/apache2 restart

Details follow:

Several format string vulnerabilities were discovered in the error
logging handling. By sending specially crafted user names, an
unauthenticated remote attacker could exploit this to crash the Apache
server or possibly even execute arbitrary code with the privileges of
Apache (user 'www-data').

Updated packages for Ubuntu 4.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1.diff.gz
      Size/MD5:     3333 92b6b02989c62a28214e6691ff09bb50
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1.dsc
      Size/MD5:      709 d4c469c2bc7fe0735ba9f59a504ff554
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
      Size/MD5:    15928 e2c032df0cd7e4a46381dcf6e488efe9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_amd64.deb
      Size/MD5:    19802 b1e6729a94175772ee2cac63ea2da13d

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_i386.deb
      Size/MD5:    18974 178de9440075d3694ed1f4af72773daa

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_powerpc.deb
      Size/MD5:    20368 e872d0f306e7906b9d4205b9e24eff8e

Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1.diff.gz
      Size/MD5:     5078 c95a57458bc15935390275860fc65894
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1.dsc
      Size/MD5:      724 d32ade3227241ac2b26d70f755d0bdfe
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
      Size/MD5:    15928 e2c032df0cd7e4a46381dcf6e488efe9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_amd64.deb
      Size/MD5:    20104 4c7840fa3e2c912f926e025be838b011

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_i386.deb
      Size/MD5:    19270 e07b1d6409abe38dc4fa3f67701846e1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_powerpc.deb
      Size/MD5:    20738 b6feefa3f30174ae9368af78eed30b6f

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1.diff.gz
      Size/MD5:     5173 33ce214fcaa05c8bde42809d9407368b
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1.dsc
      Size/MD5:      708 ded1588c8d8cf28128cde3d71f567201
    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
      Size/MD5:    15928 e2c032df0cd7e4a46381dcf6e488efe9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_amd64.deb
      Size/MD5:    20348 68f6cfd60cbf7e6f2cad792bfaf5177a

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_i386.deb
      Size/MD5:    19092 52712f3b790ea61ef60aa8734d55baac

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_powerpc.deb
      Size/MD5:    21122 69d5ec8ec12d43c03dead9fee1135bab

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-239-1] libapache2-mod-auth-pgsql vulnerability Martin Pitt (Jan 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]