Debian: New mod_python packages fix information leak
Summary
- --------------------------------------------------------------------------Debian Security Advisory DSA 689-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 23rd, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : libapache-mod-python Vulnerability : missing input sanisiting Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-0088 Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation's mod_python. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extra information that should not be visible (information leak). For the stable distribution (woody) this problem has been fixed in version 2.7.8-0.0woody5. For the unstable distribution (sid) this problem has been fixed in version 2.7.10-4 of libapache-mod-python and in version 3.1.3-3 of libapache2-mod-python. We recommend that you upgrade your libapache-mod-python package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 715 b0716ef2fca40600c41d77c45bcc4167 Size/MD5 checksum: 8261 69110f0e179d5b6f93542233ca6014c4 Size/MD5 checksum: 176639 4d5bee8317bfb45a3bb09f02b435e917 Alpha architecture: Size/MD5 checksum: 120410 64e141ce045b242ce8372b0a2b4be1d7 ARM architecture: Size/MD5 checksum: 118242 d5738e2ae1a50394ad6964c6fc698652 Intel IA-32 architecture: Size/MD5 checksum: 117626 acc4d8975aff9f0df543ba7015781ac3 Intel IA-64 architecture: Size/MD5 checksum: 131522 d7ad903ce69e71242e62ad37b7faa91a HP Precision architecture: Size/MD5 checksum: 120182 6bce263b5cb8b4f4812c56483aa50e37 Motorola 680x0 architecture: Size/MD5 checksum: 118688 3bf883aeee5ad3918b8dc303269f4475 Big endian MIPS architecture: Size/MD5 checksum: 117644 5221344e02f32234c1e889d6d66f6f5d Little endian MIPS architecture: Size/MD5 checksum: 117386 e3acec959d1bfbdfcc10a6faff7c83cf PowerPC architecture: Size/MD5 checksum: 118564 574476da068dc51a89d434506059483b IBM S/390 architecture: Size/MD5 checksum: 119368 a5bf1d308b8fd847af7c22a657316834 Sun Sparc architecture: Size/MD5 checksum: 118498 841af8c2e626a24c182cee27d7e71a24 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org