Debian: DSA-1810-1: New libapache-mod-jk packages fix information

    Date02 Jun 2009
    CategoryDebian
    55
    Posted ByLinuxSecurity Advisories
    An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated equests very quickly, one client could obtain a response intended for
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1810-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Stefan Fritsch
    June 02, 2009                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : libapache-mod-jk
    Vulnerability  : information disclosure
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2008-5519
    Debian Bug     : 523054
    
    An information disclosure flaw was found in mod_jk, the Tomcat Connector
    module for Apache. If a buggy client included the "Content-Length" header
    without providing request body data, or if a client sent repeated 
    equests very quickly, one client could obtain a response intended for
    another client.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1:1.2.26-2+lenny1.
    
    The oldstable distribution (etch), this problem has been fixed in
    version 1:1.2.18-3etch2.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1:1.2.26-2.1.
    
    We recommend that you upgrade your libapache-mod-jk packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.dsc
        Size/MD5 checksum:      935 dc3dd860d8c7a2710943903b485b1afa
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.diff.gz
        Size/MD5 checksum:    11556 889ac12a51c93772cefad6af5225f7f7
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18.orig.tar.gz
        Size/MD5 checksum:   929823 58e1b9406e0cfe11bd4bc297ba146b4f
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch2_all.deb
        Size/MD5 checksum:   118140 04190ed8b2fc8fea1bf98b1b1df14e9b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_alpha.deb
        Size/MD5 checksum:   101802 b21ab36fc88cf555f9afe1f181124030
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_alpha.deb
        Size/MD5 checksum:    98112 29507ac73774562be5c8824cbbcc9131
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_amd64.deb
        Size/MD5 checksum:    97470 5a137194ffad6aca9bdfa2760447d635
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_amd64.deb
        Size/MD5 checksum:    93722 8642501f8588c5cf7fc990ccdd23ec4b
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_arm.deb
        Size/MD5 checksum:    92860 e11d9d8cf00d6aa71a369d99c92b23f4
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_arm.deb
        Size/MD5 checksum:    89258 11fbf05bce072618c3f229c2986e23a6
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_hppa.deb
        Size/MD5 checksum:   102432 400787b4e1bc663e2a9dc3c0127c4e73
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_hppa.deb
        Size/MD5 checksum:   106314 63572306d8c9d8ea8c47e66b809195fd
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_i386.deb
        Size/MD5 checksum:    93386 92d553ae68620971f9b81d81400cc7aa
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_i386.deb
        Size/MD5 checksum:    89482 028881fdbf37c27de6fa3edd8fbd05c4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_ia64.deb
        Size/MD5 checksum:   120858 6919a34dfa3dfee634a9642604a3e8ff
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_ia64.deb
        Size/MD5 checksum:   125960 cba7d736e52cabbe70de29f0e51cddf5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mips.deb
        Size/MD5 checksum:    86614 4c1700cd9242c833fa22dfad073756c6
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mips.deb
        Size/MD5 checksum:    89758 e41ac894937a180111156157498843ab
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mipsel.deb
        Size/MD5 checksum:    89858 aa269380dffa92119aa9004f82f98da2
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mipsel.deb
        Size/MD5 checksum:    86710 769d82a08a391758a712b944f54b0cbb
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_powerpc.deb
        Size/MD5 checksum:    93420 f576dbcb12dec39481126d4d2b40ffe9
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_powerpc.deb
        Size/MD5 checksum:    90220 5716b5070274952d35957e07f33742c0
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_s390.deb
        Size/MD5 checksum:    99948 897e7b4cd9acb4a1a735d4e1a49474c9
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_s390.deb
        Size/MD5 checksum:    96176 d8f44d62414bc99fcf4360eb64d29b37
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_sparc.deb
        Size/MD5 checksum:    87926 0084f3bdb917e99f666d8fa7832d0b2a
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_sparc.deb
        Size/MD5 checksum:    91398 7ed7eedb497a1a0cecab652eb3bc1195
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.dsc
        Size/MD5 checksum:     1336 7070da05cbe8200e7d92dbfe9228ab0e
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26.orig.tar.gz
        Size/MD5 checksum:  1442605 feaec245136bc4d99a9dde95a00ea93c
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.diff.gz
        Size/MD5 checksum:    12187 8b6e6b0abd76bae90c99c50ab1fee027
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb
        Size/MD5 checksum:   169998 d31f4efe7b78e94bf1c7cffabce17c6b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_alpha.deb
        Size/MD5 checksum:   125008 0a99d6364abf9b5934dfe0814c9ac589
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_amd64.deb
        Size/MD5 checksum:   127806 84fe833769ac2a4cda17fb6f48b3ca6d
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_arm.deb
        Size/MD5 checksum:   130600 81d9d588db9c29c0ff58d9fd395ffdd6
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_armel.deb
        Size/MD5 checksum:   133242 efa4faa96460d23682eb36958f475994
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_hppa.deb
        Size/MD5 checksum:   126034 45135481a1cc2689b9c5b6910fca0b03
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_i386.deb
        Size/MD5 checksum:   109874 bf54bb8f3489715932e5a07739a63dc4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_ia64.deb
        Size/MD5 checksum:   168168 fc402d0ecfb2cf96fb1600633772e418
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mips.deb
        Size/MD5 checksum:   111094 fe05eaac643aa26a9ca1ec755daa36ae
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mipsel.deb
        Size/MD5 checksum:   110106 e037fea37091598bbbd6a0530b090e9c
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_powerpc.deb
        Size/MD5 checksum:   121816 f6be93aeec7aea7f10dac6c056086324
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_s390.deb
        Size/MD5 checksum:   129412 f3373807d3f321bd6d38b7fcdc4dad8f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_sparc.deb
        Size/MD5 checksum:   118514 3966e3f51da1b24f5fb45c6775c04918
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.