  3. LINUX.DEBIAN.ANNOUNCE.SEC
  • [SECURITY] [DSA-2117-1] New apr-util packages fix denial of service (1/

    From Stefan Fritsch@1:229/2 to All on Mon Oct 4 23:40:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2117-1                   [email protected]
    http://www.debian.org/security/                           Stefan Fritsch
    October 4, 2010                       http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : apr-util
    Vulnerability : denial of service
    Problem type : remote
    Debian-specific: no
    CVE Id(s) : CVE-2010-1623

    APR-util is part of the Apache Portable Runtime library which is used
    by projects such as Apache httpd and Subversion.

    Jeff Trawick discovered a flaw in the apr_brigade_split_line() function
    in apr-util. A remote attacker could send crafted http requests to
    cause a greatly increased memory consumption in Apache httpd, resulting
    in a denial of service.

    This upgrade fixes this issue. After the upgrade, any running apache2
    server processes need to be restarted.

    For the stable distribution (lenny), this problem has been fixed in
    version 1.2.12+dfsg-8+lenny5.

    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1.3.9+dfsg-4.

    We recommend that you upgrade your apr-util packages.

    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny (stable)
    - -----------------------------------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)