==========================================================Ubuntu Security Notice USN-731-1 March 10, 2009
apache2 vulnerabilities
CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,
CVE-2008-2364, CVE-2008-2939
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.4
apache2-mpm-perchild 2.0.55-4ubuntu2.4
apache2-mpm-prefork 2.0.55-4ubuntu2.4
apache2-mpm-worker 2.0.55-4ubuntu2.4
Ubuntu 7.10:
apache2-mpm-event 2.2.4-3ubuntu0.2
apache2-mpm-perchild 2.2.4-3ubuntu0.2
apache2-mpm-prefork 2.2.4-3ubuntu0.2
apache2-mpm-worker 2.2.4-3ubuntu0.2
apache2.2-common 2.2.4-3ubuntu0.2
Ubuntu 8.04 LTS:
apache2-mpm-event 2.2.8-1ubuntu0.4
apache2-mpm-perchild 2.2.8-1ubuntu0.4
apache2-mpm-prefork 2.2.8-1ubuntu0.4
apache2-mpm-worker 2.2.8-1ubuntu0.4
apache2.2-common 2.2.8-1ubuntu0.4
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Apache did not sanitize the method specifier header from
an HTTP request when it is returned in an error message, which could result in
browsers becoming vulnerable to cross-site scripting attacks when processing the
output. With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker could
exploit this to modify the contents, or steal confidential data (such as
passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and
7.10. (CVE-2007-6203)
It was discovered that Apache was vulnerable to a cross-site request forgery
(CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator
were tricked into clicking a link on a specially crafted web page, an attacker
could trigger commands that could modify the balancer manager configuration.
This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)
It was discovered that Apache had a memory leak when using mod_ssl with
compression. A remote attacker could exploit this to exhaust server memory,
leading to a denial of service. This issue only affected Ubuntu 7.10.
(CVE-2008-1678)
It was discovered that in certain conditions, Apache did not specify a default
character set when returning certain error messages containing UTF-7 encoded
data, which could result in browsers becoming vulnerable to cross-site scripting
attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and
7.10. (CVE-2008-2168)
It was discovered that when configured as a proxy server, Apache did not limit
the number of forwarded interim responses. A malicious remote server could send
a large number of interim responses and cause a denial of service via memory
exhaustion. (CVE-2008-2364)
It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when
they are returned in directory listings, which could result in browsers becoming
vulnerable to cross-site scripting attacks when processing the output.
(CVE-2008-2939)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6
Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
Size/MD5: 2124948 5153435633998e4190b54eb101afd271
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2
Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a
Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867
Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f
Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488
Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0
Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062
Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143
Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143
Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 786528 353ed1839a8201d0211ede114565e60d
Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667
Size/MD5: 199114 6a77314579722ca085726e4220be4e9f
Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216
Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca
Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7
Size/MD5: 92520 787a673994d746b4ad3788c16516832a
Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c
Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873
Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a
Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467
Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3
Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b
Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5
Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8
Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3
Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d
Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14
Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 803706 f14be1535acf528f89d301c8ec092015
Size/MD5: 211028 28b74d86e10301276cadef208b460658
Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339
Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145
Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba
Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25
Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e
Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06
Size/MD5: 268178 5a853d01127853405a677c53dc2bf254
Size/MD5: 130456 a0a51bb9405224948b88903779347427
Updated packages for Ubuntu 7.10:
Source archives:
Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707
Size/MD5: 1333 b028e602b998a666681d1aa73b980c06
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5
Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7
Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a
Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44
Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa
Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493
Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d
Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c
Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb
Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a
Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe
Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257
Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca
Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd
Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1
Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab
lpia architecture (Low Power Intel Architecture):
Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5
Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf
Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd
Size/MD5: 410674 684ad4367bc9250468351b5807dee424
Size/MD5: 411258 17f53e8d3898607ce155dc333237690c
Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1
Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01
Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113
Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7
Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf
Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c
Size/MD5: 367392 612ddcebee145f765163a0b30124393a
Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221
Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad
Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa
Size/MD5: 410676 cf7bed097f63e3c24337813621866498
Size/MD5: 411252 5a30177f7039f52783576e126cf042d0
Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e
Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2
Updated packages for Ubuntu 8.04 LTS:
Source archives:
Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6
Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d
Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232
Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a
Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c
Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0
Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409
Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877
Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c
Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779
Size/MD5: 801764 3759103e3417d44bea8866399ba34a66
i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67
Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a
Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff
Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0
Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda
Size/MD5: 139904 b503316d420ccb7efae5082368b95e01
Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2
lpia architecture (Low Power Intel Architecture):
Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950
Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf
Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509
Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a
Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1
Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea
Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9
powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b
Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26
Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793
Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7
Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a
Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151
Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48
sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90
Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7
Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b
Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f
Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd
Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f
Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
