
[USN-120-1] Apache 2 vulnerability



===========================================================
Ubuntu Security Notice USN-120-1               May 06, 2005
apache2 vulnerability
CAN-2005-1344
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

apache2-utils

The problem can be corrected by upgrading the affected package to
version 2.0.50-12ubuntu4.2 (for Ubuntu 4.10) and 2.0.53-5ubuntu5.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Luca Ercoli discovered that the "htdigest" program did not perform any
bounds checking when it copied the "user" and "realm" arguments into
local buffers. If this program is used in remotely callable CGI
scripts, this could be exploited by a remote attacker to execute
arbitrary code with the privileges of the CGI script.
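
The bug class described above, as an added illustration (this is not the htdigest source or the Ubuntu patch): an unchecked argument copy next to a bounded one that rejects over-long input. The buffer size FIELD_MAX and the function names are assumptions made for the sketch.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed size of the local buffers (not from the advisory) */

/* The unchecked pattern: the amount written is decided by the argument,
 * not by the destination. Shown for contrast; nothing here calls it. */
void copy_unchecked(char *dst, const char *arg)
{
    strcpy(dst, arg);
}

/* Bounded copy that rejects rather than truncates, so an over-long "user"
 * or "realm" never silently becomes a different, shorter one.
 * Returns 0 on success, -1 if arg plus its terminator does not fit in dst. */
int copy_checked(char *dst, size_t dst_size, const char *arg)
{
    size_t len = 0;

    if (dst == NULL || arg == NULL || dst_size == 0)
        return -1;
    while (len < dst_size && arg[len] != '\0')   /* never scans past dst_size */
        len++;
    if (len == dst_size)
        return -1;                               /* no room for the terminator */
    memcpy(dst, arg, len + 1);
    return 0;
}

/* Hypothetical entry point: both fields must fit before either is used. */
int load_fields(const char *user_arg, const char *realm_arg,
                char user[FIELD_MAX], char realm[FIELD_MAX])
{
    if (copy_checked(user, FIELD_MAX, user_arg) != 0)
        return -1;
    return copy_checked(realm, FIELD_MAX, realm_arg);
}

int main(void)
{
    char user[FIELD_MAX], realm[FIELD_MAX], big[FIELD_MAX + 64];

    memset(big, 'A', sizeof big - 1);            /* constructed over-long argument */
    big[sizeof big - 1] = '\0';
    printf("normal:    %d\n", load_fields("alice", "Example Realm", user, realm));
    printf("over-long: %d\n", load_fields(big, "Example Realm", user, realm));
    return 0;
}
```

A CGI script that passes request data to a command-line tool should apply the same length limit itself before invoking it, so the check does not depend on which package version is installed.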

Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

