Linux Security

    Debian: 'libapache-mod-ssl' Buffer overflow / DoS

    Date 02 Jul 2002
    Posted By LinuxSecurity Advisories
    Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all through specially crafted .htaccess files.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-135-1
    https://www.debian.org/security/ Robert van der Meulen
    July  2, 2002
    ------------------------------------------------------------------------
    
    
    Package        : libapache-mod-ssl
    Problem type   : buffer overflow / DoS
    Debian-specific: no
    
    The libapache-mod-ssl package provides SSL capability to the apache
    webserver.
    Recently, a problem has been found in the handling of .htaccess files,
    allowing arbitrary code execution as the web server user (regardless of
    ExecCGI / suexec settings), DoS attacks (killing off apache children), and
    allowing someone to take control of apache child processes - all through
    specially crafted .htaccess files.
    More information about this vulnerability can be found at
     
    https://online.securityfocus.com/bid/5084
    
    This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
    (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody).
    We recommend you upgrade as soon as possible.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      Packages for m68k are not available at this moment.
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.dsc
    MD5 checksum:	5b2cb207ba8214f52ffbc28836dd8dc4
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.diff.gz
    MD5 checksum:	29eef2b3307f00d92eb425ac669dabec
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
    MD5 checksum:	cb0f2e07065438396f0d5df403dd2c16
    
      Architecture independent packages:
    
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato2_all.deb
    MD5 checksum:	ebd8154f614e646b3a12980c8db606b6
    
      alpha architecture (DEC Alpha)
    
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_alpha.deb
    MD5 checksum:	a3d73598e692b9c0bb945a52a00a363c
    
      arm architecture (ARM)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_arm.deb
    MD5 checksum:	11e1085504430cacadd0255a0743b80a
    
      i386 architecture (Intel ia32)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.deb
    MD5 checksum:	a1fd7d6a7ef3506ee0f94e56735d3d08
    
      powerpc architecture (PowerPC)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_powerpc.deb
    MD5 checksum:	0f01742c2a77f2728baea4e1e9ad7ff0
    
      sparc architecture (Sun SPARC/UltraSPARC)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_sparc.deb
    MD5 checksum:	4982a209adc93acbf50a650a3569d217
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
      mipsel, powerpc, s390 and sparc.
      Packages for ia64 and hppa are not available for the moment.
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.dsc
    MD5 checksum:	7cce5c97bd3cf35c8782d54a25138165
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.diff.gz
    MD5 checksum:	fc9f20e6d3bece6f0d3bad067c61d56a
    
      Architecture independent packages:
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2_all.deb
    MD5 checksum:	541257e99c523141625f5fc43fb3dec4
    
      alpha architecture (DEC Alpha)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_alpha.deb
    MD5 checksum:	712e406d8be713047f3e46bbf58269a5
    
      arm architecture (ARM)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_arm.deb
    MD5 checksum:	8ce3d4d45f45423a6c6b7d795c319d33
    
      i386 architecture (Intel ia32)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_i386.deb
    MD5 checksum:	06733dc49c228230e5713f34eae7f8b0
    
      m68k architecture
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_m68k.deb
    MD5 checksum:	e5a8518aac6d08bb5e9cc50195d336e3
    
      mips architecture
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mips.deb
    MD5 checksum:	dde883d6ee72f3b29fc324d9cb497670
    
      mipsel architecture
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mipsel.deb
    MD5 checksum:	a80756857248358c7973a5b0fb9372e2
    
      powerpc architecture (PowerPC)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_powerpc.deb
    MD5 checksum:	715876a54ddddf1e17e4c2ec9d2f5eea
    
      s390 architecture (S390)
         https://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_s390.deb
    MD5 checksum:	1a31f564ceba0ca82d9892d023caffd0
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  https://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main