Please take our Survey

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

[USN-23-1] apache2 vulnerability: msg#00011

linux.ubuntu.security.announce

Subject:	[USN-23-1] apache2 vulnerability

===========================================================
Ubuntu Security Notice USN-23-1 November 11, 2004
apache2 vulnerability
CAN-2004-0942
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Chintan Trivedi discovered a Denial of Service vulnerability in
apache2. The field length limit was not enforced for certain malicious
requests. This could allow a remote attacker who is able to send large
amounts of data to a server to cause HTTP server instances to consume
proportional amounts of memory, which can render the service
unavailable.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.diff.gz
Size/MD5: 97967 cf0c1c891580db78dcc5446a767ac000

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.dsc
Size/MD5: 1151 0a7f762f4626fde4e303c1cc4d9ba78c

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 3178054 82b91224019b7e1ebcb04ce6dab1839d

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 163482 755fa2140e2cbc1242c56525614555a2

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 164232 e79331594b1b564c3fa7d71ff01a3db7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 864366 b9d51742d0d08c0f1afd96ad2ae691da

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 230102 d0b900d7e94f54e102492328c58d1893

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 225242 fd5d08467e04612d7e0094502c9b6565

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 228684 c40e8b7c350bc15339404a906a7901a0

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 229262 1cfd8eb69f072c2cfd2b4c2cca68814b

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 29710 cfcf4d17b8d836b58abdd6afc85913ec

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 275206 ccaea19446f99022bcd3d8c7006d861e

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 133148 0fa8b4ab41df7319e233ac142e08c938

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 825680 823bf43c10f5afb125458c02e06bd422

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 209084 f7114acd490b347bcc175f30b1d496da

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 205306 8815b7c99177c33edfa94ba5c0359416

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 207946 193b3f6c0710dc80b8acf08b951bc2f6

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 208388 7d11333a5ec1876f99030dd958c9a43f

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 29706 af8f749040fca22310e315d310331ce1

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 253176 9c4587c217ba98d6b63b50d18f5a7ba6

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 123872 5367a153ef8c66a4307b1250b3321d7f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 903480 12c41213108120eabb9cafd2ab97af79

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 222718 5054b3fc46baeea33ccb1c7677c49097

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 217722 79d6763364edccb0571a9918e9e7f595

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 220892 01df3447f3668931d3ee7f3a055d1b88

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 221500 62851f812cba3ee3df558cdcc3ab5d33

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 29716 8148f425dac482351c32fbce31b37e8b

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 268974 71585a0eee76b026e0623f526da43fc0

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 130482 16e3a998f505e6a8dc0c8c48909c4886

signature.asc
Description: Digital signature

<Prev in Thread]	Current Thread	[Next in Thread>

Previous by Date:	[USN-24-1] openssl script vulnerability, Martin Pitt
Next by Date:	[USN-25-1] libgd2 vulnerability, Martin Pitt
Previous by Thread:	[USN-24-1] openssl script vulnerability, Martin Pitt
Next by Thread:	[USN-25-1] libgd2 vulnerability, Martin Pitt
Indexes:	[Date] [Thread] [Top] [All Lists]

Recently Viewed:
version-control... qnx.openqnx.dev... redhat.rhn.user... ietf.openpgp/20... mail.mutt.user/... web.microformat... java.sync4j.use... education.ezpro... user-groups.blu... solaris.manager... org.fitug.debat... technology.erps... politics.activi... linux.redhat.fe... bug-tracking.ma... xfce.user/2004-... hams/2004-11/ms... kde.users.pim/2... culture.cooking... freebsd.devel.x... gnu.m4.adhoc/20... ngpt.user/2002-... apple.fink.deve...

Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation