=========================================================== Ubuntu Security Notice USN-225-1 December 06, 2005 apache2 vulnerability CVE-2005-2970 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: apache2-mpm-worker The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A memory leak was found in the Apache 2 'worker' module in the handling of aborted TCP connections. By repeatedly triggering this situation, a remote attacker could drain all available memory, which eventually led to a Denial of Service. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9.diff.gz Size/MD5: 102151 e74ea1f9db5e8869fefcda08ada491c7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9.dsc Size/MD5: 1152 8b2c88edf7bc94361c8c8eb6f18c0b2b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.9_all.deb Size/MD5: 3178820 0939b901edabbb7604e920cb4b5f8a40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.9_all.deb Size/MD5: 164294 09c4d4128c4b27e76006076f3824998e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.9_all.deb Size/MD5: 165058 dd7cf2519b25b54eeade02d2b4f26e2b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 865170 cac566ce1a08db01acf518badd27d2fd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 230954 c961bec22257f061490d9262791866d9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 226102 88d8fe952de1c7911ed001f70a254407 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 229480 1733998c284609428927bb6e2c36e3c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 230074 08ac7405a327c6c60cf9a59632e30a2b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 30532 60f3839d4452b5cd6359fefabd29b6da http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 276032 359a6e506d7362cf325d641e5734e205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_amd64.deb Size/MD5: 133980 04f33dcb171e94a520149078fdd5e358 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 826686 7f68df072e4e2fce889738e5a824803c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 209934 a8a36c2d08dd634650c960c6333e72e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 206158 07be2129e71e696fbba491d49d13b22e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 208786 32ece92d33cfdc9e80e029413c69813a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 209186 9bcd345bbb3d9c3a4668664437e1864a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 30530 0c580eb29fe08e5caefad401fbb74021 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 254004 ab5ac54af4cb232e7016c8d1540967d2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_i386.deb Size/MD5: 124706 c749b33a9779423584f61385eee92a72 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 904382 082a940661eb96d2501a0c76f8ccfaeb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 223562 c8e7cc4ccd5d73cd4d7c1f1a6397ac83 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 218562 c669834a22b52aa370b69706750bb69b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 221726 77acd83c70eceb01869c7c336ea7541f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 222368 191ec846433dcda10cd5a3a9a7559749 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 30528 f648545edca3d021447c263afdfa8284 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 269800 2fc6d58e6ab11c98803b32dc66ee464b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.9_powerpc.deb Size/MD5: 131302 e1885ea3b0c4b47b92fcd25ae7a71594 Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4.diff.gz Size/MD5: 108864 d7f1abfb68989fd7ae654db51be2f4cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4.dsc Size/MD5: 1159 80eeaa51dc7cbaacceff3d3d32f617bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53.orig.tar.gz Size/MD5: 6925351 40507bf19919334f07355eda2df017e5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.53-5ubuntu5.4_all.deb Size/MD5: 3578526 834837c6721f2ad42be9beb2bcf5d116 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.53-5ubuntu5.4_all.deb Size/MD5: 34044 9831b3f20ea36ec8a7a3a43788058593 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 826372 36d622f7fa035ce38c3e0c9b4d4b0da2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 221338 fc3e401e2ae94414322d8fb836acb94e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 216936 138bdc91f670052413668dc5e8abf7fb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 220254 c4a5801fdfafae7ba9de20b94ee198ce http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 167756 9b94213e02543ff0a6d9071c6d7d6a18 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 168530 9930e5ec455652dc03014e05735144c5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 93204 9dc6564781ca606763d2bf7bedc0db0a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 33974 24ba2f6c53d870a70709ae2a8eb92170 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 279346 6bb71e2371117a60f85ae2827be8a218 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_amd64.deb Size/MD5: 137856 6fa34b307bb14ee3e9b8589c73dcb4c0 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 789288 6a5ace41b9a75f248dfb29af4482f4cd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 201544 f12be022acedcb938b66aee0edbb7f9b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 197378 a4a6a8018b571e1f1792ca5b3faf6b86 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 200850 2fd2a977ade9444546718121e66a76f9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 167764 6cf6fb28c46f094cb038879d902cf2a5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 168542 67bdfa7cd34283cac0f04f63b39aa345 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 90910 0f08aafc744cb3618f9af9a3c6ffeae3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 33968 2e5da2fc39f6a1fa55c1daf01660e952 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 257286 90fccea2f3f0ddc8097ffb81d5b0ca37 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_i386.deb Size/MD5: 128508 ff51486c88ef3e4daf625773efba0de4 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 855668 14ab804c5da790e7564a95c27ef69b49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 214556 935cd75d78138f623aa3431b1517a017 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 209660 8116e708946322e2f00eee12ba3f98cd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 213622 d1b5215e1a9dd82a0cbd008d691f7040 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 167766 97f1f88f5bca368a7130e4271efb0d75 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 168538 d19bcebe03bd68c750635c9ad9b7edd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 102568 aa68b182394cb52660f803665c5c0e3f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 33970 1626c3d5dfa006f9d9cbfd8def1976b7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 272586 98ddb546ad127e40682913654ce7a278 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.53-5ubuntu5.4_powerpc.deb Size/MD5: 134860 053057456d08e8e7406f3e580f077dee Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3.diff.gz Size/MD5: 116174 34db9656b4bbbff459b25b25cb368c9e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3.dsc Size/MD5: 1155 58402cdaac4b4716b24656cde8ee457f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54.orig.tar.gz Size/MD5: 7493636 37d0d0a3e25ad93d37f0483021e70409 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.54-5ubuntu3_all.deb Size/MD5: 3862734 7d065212e1e4d62b58a2a6f392a5d301 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5ubuntu3_all.deb Size/MD5: 34878 1e19536ca819876d8274fc373c645790 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_amd64.deb Size/MD5: 825944 93ea041f0a9718590d2dadc9c30d0e67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_amd64.deb Size/MD5: 225800 32e4c83ff244f275d6d36d11dbda7202 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_amd64.deb Size/MD5: 220424 5d38a2881f01a51d05d02664e33e95e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_amd64.deb Size/MD5: 224984 8486ce8af766a2df2c219a41d4125af0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_amd64.deb Size/MD5: 169096 6c8a9c61ace50a980f7927c7a8a1a5b5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_amd64.deb Size/MD5: 169818 8dc10e856449d0b5c2988726d0084abd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_amd64.deb Size/MD5: 92812 554e17703ed5b011c5f81e8515b7df08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_amd64.deb Size/MD5: 34804 7a57d975b10c8f752b989174396a8529 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_amd64.deb Size/MD5: 283084 b2ec8329f8f10ec2ae4fec1cc5f82ead http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_amd64.deb Size/MD5: 142496 2de04dcd1db1a7dfb0909fa9ff6bed54 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_i386.deb Size/MD5: 780532 6c73755ddb0f212d931885c52efccdb9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_i386.deb Size/MD5: 201058 a7fb62144aab4355a35def4535faefc5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_i386.deb Size/MD5: 196888 51dff105e376abe915078ebada32740f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_i386.deb Size/MD5: 200478 e5e18a8ac5b1461d1dbf3d1805b5e88b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_i386.deb Size/MD5: 169094 b1d9b6ef81af9a281b1843d6cbd8eccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_i386.deb Size/MD5: 169826 d66de885e97d211afb0f2ea53979d01d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_i386.deb Size/MD5: 91114 4406f75ddd1011bce97b30e13e0a061c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_i386.deb Size/MD5: 34800 94e994aeda8e1ff14366e5ba465f0da5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_i386.deb Size/MD5: 259416 292003cf8c7e673740f18fa146aaa273 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_i386.deb Size/MD5: 130896 b1a770ce8394240c5ca9f56d42a6ab34 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 853918 8a527dd0f402dd81ee013304ce2465ed http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 217928 f930489a31485178b23e096abe464fa3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 213586 b67098bee56ee511ec4de768bca9bb36 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 217104 34ed2b127e9a67d09a6c521b9c0053ba http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 169100 6ac421fa90132f4aa37f909f9d4d7cf7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 169836 83b2d561d7e9880e975454d563b6dd75 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 103102 6d151cad13a74e59086e2c016169d320 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 34802 dc57f7c5ef4fc4c3be396eff2f0b0dbe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 278680 69100436836a9f769526ed1583d76a8e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.54-5ubuntu3_powerpc.deb Size/MD5: 139938 5bf906ed253dabdad27062901beda6d6
Attachment:
signature.asc
Description: Digital signature