From: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2035-1                     [email protected]
http://www.debian.org/security/                          Stefan Fritsch
April 17, 2010                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : apache2
Vulnerability : multiple issues
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0408 CVE-2010-0434

Two issues have been found in the Apache HTTPD web server:

CVE-2010-0408

mod_proxy_ajp would return the wrong status code if it encountered an
error, causing a backend server to be put into an error state until the
retry timeout expired. A remote attacker could send malicious requests
to trigger this issue, resulting in denial of service.

CVE-2010-0434

A flaw in the core subrequest process code was found, which could lead
to a daemon crash (segfault) or disclosure of sensitive information
if the headers of a subrequest were modified by modules such as
mod_headers.

For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 2.2.15-1.

This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.

We recommend that you upgrade your apache2 and apache2-mpm-itk packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]