Debian: DSA-1810-1: New libapache-mod-jk packages fix information

    Date02 Jun 2009
    CategoryDebian
    31
    Posted ByLinuxSecurity Advisories
    An information disclosure flaw was found in mod_jk, the Tomcat Connector module for Apache. If a buggy client included the "Content-Length" header without providing request body data, or if a client sent repeated equests very quickly, one client could obtain a response intended for
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1810-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Stefan Fritsch
    June 02, 2009                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : libapache-mod-jk
    Vulnerability  : information disclosure
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2008-5519
    Debian Bug     : 523054
    
    An information disclosure flaw was found in mod_jk, the Tomcat Connector
    module for Apache. If a buggy client included the "Content-Length" header
    without providing request body data, or if a client sent repeated 
    equests very quickly, one client could obtain a response intended for
    another client.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 1:1.2.26-2+lenny1.
    
    The oldstable distribution (etch), this problem has been fixed in
    version 1:1.2.18-3etch2.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 1:1.2.26-2.1.
    
    We recommend that you upgrade your libapache-mod-jk packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.dsc
        Size/MD5 checksum:      935 dc3dd860d8c7a2710943903b485b1afa
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.diff.gz
        Size/MD5 checksum:    11556 889ac12a51c93772cefad6af5225f7f7
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18.orig.tar.gz
        Size/MD5 checksum:   929823 58e1b9406e0cfe11bd4bc297ba146b4f
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch2_all.deb
        Size/MD5 checksum:   118140 04190ed8b2fc8fea1bf98b1b1df14e9b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_alpha.deb
        Size/MD5 checksum:   101802 b21ab36fc88cf555f9afe1f181124030
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_alpha.deb
        Size/MD5 checksum:    98112 29507ac73774562be5c8824cbbcc9131
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_amd64.deb
        Size/MD5 checksum:    97470 5a137194ffad6aca9bdfa2760447d635
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_amd64.deb
        Size/MD5 checksum:    93722 8642501f8588c5cf7fc990ccdd23ec4b
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_arm.deb
        Size/MD5 checksum:    92860 e11d9d8cf00d6aa71a369d99c92b23f4
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_arm.deb
        Size/MD5 checksum:    89258 11fbf05bce072618c3f229c2986e23a6
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_hppa.deb
        Size/MD5 checksum:   102432 400787b4e1bc663e2a9dc3c0127c4e73
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_hppa.deb
        Size/MD5 checksum:   106314 63572306d8c9d8ea8c47e66b809195fd
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_i386.deb
        Size/MD5 checksum:    93386 92d553ae68620971f9b81d81400cc7aa
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_i386.deb
        Size/MD5 checksum:    89482 028881fdbf37c27de6fa3edd8fbd05c4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_ia64.deb
        Size/MD5 checksum:   120858 6919a34dfa3dfee634a9642604a3e8ff
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_ia64.deb
        Size/MD5 checksum:   125960 cba7d736e52cabbe70de29f0e51cddf5
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mips.deb
        Size/MD5 checksum:    86614 4c1700cd9242c833fa22dfad073756c6
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mips.deb
        Size/MD5 checksum:    89758 e41ac894937a180111156157498843ab
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mipsel.deb
        Size/MD5 checksum:    89858 aa269380dffa92119aa9004f82f98da2
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mipsel.deb
        Size/MD5 checksum:    86710 769d82a08a391758a712b944f54b0cbb
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_powerpc.deb
        Size/MD5 checksum:    93420 f576dbcb12dec39481126d4d2b40ffe9
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_powerpc.deb
        Size/MD5 checksum:    90220 5716b5070274952d35957e07f33742c0
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_s390.deb
        Size/MD5 checksum:    99948 897e7b4cd9acb4a1a735d4e1a49474c9
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_s390.deb
        Size/MD5 checksum:    96176 d8f44d62414bc99fcf4360eb64d29b37
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_sparc.deb
        Size/MD5 checksum:    87926 0084f3bdb917e99f666d8fa7832d0b2a
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_sparc.deb
        Size/MD5 checksum:    91398 7ed7eedb497a1a0cecab652eb3bc1195
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.dsc
        Size/MD5 checksum:     1336 7070da05cbe8200e7d92dbfe9228ab0e
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26.orig.tar.gz
        Size/MD5 checksum:  1442605 feaec245136bc4d99a9dde95a00ea93c
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.diff.gz
        Size/MD5 checksum:    12187 8b6e6b0abd76bae90c99c50ab1fee027
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb
        Size/MD5 checksum:   169998 d31f4efe7b78e94bf1c7cffabce17c6b
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_alpha.deb
        Size/MD5 checksum:   125008 0a99d6364abf9b5934dfe0814c9ac589
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_amd64.deb
        Size/MD5 checksum:   127806 84fe833769ac2a4cda17fb6f48b3ca6d
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_arm.deb
        Size/MD5 checksum:   130600 81d9d588db9c29c0ff58d9fd395ffdd6
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_armel.deb
        Size/MD5 checksum:   133242 efa4faa96460d23682eb36958f475994
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_hppa.deb
        Size/MD5 checksum:   126034 45135481a1cc2689b9c5b6910fca0b03
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_i386.deb
        Size/MD5 checksum:   109874 bf54bb8f3489715932e5a07739a63dc4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_ia64.deb
        Size/MD5 checksum:   168168 fc402d0ecfb2cf96fb1600633772e418
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mips.deb
        Size/MD5 checksum:   111094 fe05eaac643aa26a9ca1ec755daa36ae
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mipsel.deb
        Size/MD5 checksum:   110106 e037fea37091598bbbd6a0530b090e9c
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_powerpc.deb
        Size/MD5 checksum:   121816 f6be93aeec7aea7f10dac6c056086324
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_s390.deb
        Size/MD5 checksum:   129412 f3373807d3f321bd6d38b7fcdc4dad8f
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_sparc.deb
        Size/MD5 checksum:   118514 3966e3f51da1b24f5fb45c6775c04918
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"2","type":"x","order":"2","pct":50,"resources":[]},{"id":"86","title":"No","votes":"2","type":"x","order":"3","pct":50,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.