From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1810-1
[email protected] http://www.debian.org/security/ Stefan Fritsch
June 02, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libapache-mod-jk
Vulnerability : information disclosure
Problem type : remote
Debian-specific: no
CVE ID : CVE-2008-5519
Debian Bug : 523054
An information disclosure flaw was found in mod_jk, the Tomcat Connector
module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated
equests very quickly, one client could obtain a response intended for
another client.
For the stable distribution (lenny), this problem has been fixed in
version 1:1.2.26-2+lenny1.
The oldstable distribution (etch), this problem has been fixed in
version 1:1.2.18-3etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1:1.2.26-2.1.
We recommend that you upgrade your libapache-mod-jk packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.dsc
Size/MD5 checksum: 935 dc3dd860d8c7a2710943903b485b1afa
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.diff.gz
Size/MD5 checksum: 11556 889ac12a51c93772cefad6af5225f7f7
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18.orig.tar.gz
Size/MD5 checksum: 929823 58e1b9406e0cfe11bd4bc297ba146b4f
Architecture independent packages:
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch2_all.deb
Size/MD5 checksum: 118140 04190ed8b2fc8fea1bf98b1b1df14e9b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_alpha.deb
Size/MD5 checksum: 101802 b21ab36fc88cf555f9afe1f181124030
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_alpha.deb
Size/MD5 checksum: 98112 29507ac73774562be5c8824cbbcc9131
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_amd64.deb
Size/MD5 checksum: 97470 5a137194ffad6aca9bdfa2760447d635
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_amd64.deb
Size/MD5 checksum: 93722 8642501f8588c5cf7fc990ccdd23ec4b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_arm.deb
Size/MD5 checksum: 92860 e11d9d8cf00d6aa71a369d99c92b23f4
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_arm.deb
Size/MD5 checksum: 89258 11fbf05bce072618c3f229c2986e23a6
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_hppa.deb
Size/MD5 checksum: 102432 400787b4e1bc663e2a9dc3c0127c4e73
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_hppa.deb
Size/MD5 checksum: 106314 63572306d8c9d8ea8c47e66b809195fd
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_i386.deb
Size/MD5 checksum: 93386 92d553ae68620971f9b81d81400cc7aa
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_i386.deb
Size/MD5 checksum: 89482 028881fdbf37c27de6fa3edd8fbd05c4
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_ia64.deb
Size/MD5 checksum: 120858 6919a34dfa3dfee634a9642604a3e8ff
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_ia64.deb
Size/MD5 checksum: 125960 cba7d736e52cabbe70de29f0e51cddf5
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mips.deb
Size/MD5 checksum: 86614 4c1700cd9242c833fa22dfad073756c6
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mips.deb
Size/MD5 checksum: 89758 e41ac894937a180111156157498843ab
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mipsel.deb
Size/MD5 checksum: 89858 aa269380dffa92119aa9004f82f98da2
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mipsel.deb
Size/MD5 checksum: 86710 769d82a08a391758a712b944f54b0cbb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_powerpc.deb
Size/MD5 checksum: 93420 f576dbcb12dec39481126d4d2b40ffe9
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_powerpc.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)