===========================================================
Ubuntu Security Notice USN-499-1            August 16, 2007
apache2 vulnerabilities
CVE-2006-5752, CVE-2007-1863, CVE-2007-3304
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  apache2-common                           2.0.55-4ubuntu2.2
  apache2-mpm-prefork                      2.0.55-4ubuntu2.2
  apache2-mpm-worker                       2.0.55-4ubuntu2.2

Ubuntu 6.10:
  apache2-common                           2.0.55-4ubuntu4.1
  apache2-mpm-prefork                      2.0.55-4ubuntu4.1
  apache2-mpm-worker                       2.0.55-4ubuntu4.1

Ubuntu 7.04:
  apache2-mpm-prefork                      2.2.3-3.2ubuntu0.1
  apache2-mpm-worker                       2.2.3-3.2ubuntu0.1
  apache2.2-common                         2.2.3-3.2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Stefan Esser discovered that mod_status did not declare a character set
on its output: the Content-Type of the status page carried no charset
parameter.  Browsers that fall back to charset detection in that case
can be induced to interpret attacker-influenced bytes shown on the page
as script, which makes the page a vector for cross-site scripting (XSS).
If a user were tricked into viewing server status output while a
crafted request was being served, a remote attacker could exploit this
to modify the contents, or steal confidential data (such as passwords),
within the same domain.  By default, mod_status is disabled in Ubuntu.
(CVE-2006-5752)
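The mechanism behind "did not force a character set", as an added example that is not Apache or Ubuntu code: the first part checks whether a raw HTTP response pins a charset in Content-Type; the second shows how a payload containing no '<', '>', quote or '&' bytes passes a naive output filter untouched yet decodes to markup if the browser guesses UTF-7, the classic outcome of leaving the charset undeclared. The two sample responses are constructed, not captured from a real server-status page.

```python
"""Why mod_status output needs a declared charset (added example)."""
import base64
import html
from email.message import Message

# Constructed sample responses: UNPINNED has the unsafe header shape.
UNPINNED = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            "\r\n"
            "<html><body><h1>Apache Server Status</h1></body></html>")
PINNED = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html; charset=ISO-8859-1\r\n"
          "\r\n"
          "<html><body><h1>Apache Server Status</h1></body></html>")


def _headers(raw_response):
    """Parse the header block into an email.message.Message so Content-Type
    parameters are handled by the stdlib rather than by ad hoc regex."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    msg = Message()
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(":")
        msg[name.strip()] = value.strip()
    return msg


def declared_charset(raw_response):
    """Charset named in Content-Type (lower-cased), or None if absent."""
    return _headers(raw_response).get_content_charset()


def charset_sniffable(raw_response):
    """True when the body is HTML and the browser is left to guess its charset."""
    msg = _headers(raw_response)
    return msg.get_content_type() == "text/html" and msg.get_content_charset() is None


HTML_SIGNIFICANT = set('<>"\'&')


def utf7_smuggle(markup):
    """Rewrite only the HTML-significant characters of an ASCII payload as
    UTF-7 shift sequences (+<base64 of UTF-16BE>-), so the result carries
    none of the bytes an output filter would escape."""
    out = []
    for ch in markup:
        if ch == "+":                         # a literal '+' is spelled '+-' in UTF-7
            out.append("+-")
        elif ch in HTML_SIGNIFICANT:
            b64 = base64.b64encode(ch.encode("utf-16-be")).rstrip(b"=").decode("ascii")
            out.append("+" + b64 + "-")
        else:
            out.append(ch)
    return "".join(out)


def demo(markup="<script>alert(1)</script>"):
    """Return (smuggled text, whether html.escape leaves it unchanged,
    what a browser decoding the page as UTF-7 would see)."""
    smuggled = utf7_smuggle(markup)
    passes_filter = html.escape(smuggled) == smuggled
    decoded = smuggled.encode("ascii").decode("utf-7")
    return smuggled, passes_filter, decoded
```

The fix in these packages is that mod_status declares its charset; independently of the update, operators can set a server-wide `AddDefaultCharset` and keep /server-status restricted to trusted addresses (`Allow from` in Apache 2.0/2.2), which both remove the browser's opportunity to guess.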

Niklas Edmundsson discovered that the mod_cache module could be made to
crash by a specially crafted request.  A remote user could use this to
cause a denial of service when Apache was configured to use a threaded
MPM such as worker, because one crashing thread takes down every request
that process is serving.  By default, mod_cache is disabled in Ubuntu.
(CVE-2007-1863)

A flaw was discovered in the signal handling of Apache: the parent
process trusted the child process IDs recorded in the shared scoreboard.
A local attacker able to run code inside a child process could overwrite
those IDs and trick the parent, which runs as root, into sending SIGUSR1
to arbitrary other processes.  The vulnerable code was only present in
Ubuntu 7.04 (Feisty). (CVE-2007-3304)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   115882 e94e45574e3b131d3a9a0e07e193f1e5
          Size/MD5:     1148 c2bc143625fbf8ca59fea300845c5a42
          Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

  Architecture independent packages:

          Size/MD5:  2124364 9b8ca5d5757c63f5ee6bbd507f0a8357

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   833000 be4c7770c725f5f4401ca06d1347211f
          Size/MD5:   227832 41c12dfe84f109e6544a33e4e1d791a8
          Size/MD5:   222934 7e4d072bad27239e366a6eda94c09190
          Size/MD5:   227576 8fc59f78a3fa0e5d6dac81e875039bda
          Size/MD5:   171082 4318f93373b705563251f377ed398614
          Size/MD5:   171860 257f4183d70be5a00546c39c5a18f108
          Size/MD5:    93916 695cee55f91ceb9424abe31d8b6ee1dd
          Size/MD5:    35902 00c1082a77ff1d863f72874c4472a26d
          Size/MD5:   285336 0a8510634b21f56f0d9619aa6fc9cec9
          Size/MD5:   143952 d75f83ac219bce95a15a8f44b82b8ea7

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   786186 4e78fa0d438867194f66b11b4eb6fc2e
          Size/MD5:   202448 74cf60884e18c1fc93f157010a15b12c
          Size/MD5:   198456 209a0b92995fec453ed4c2c181e3e555
          Size/MD5:   202038 6cbd437caf993fa2b2b38369cd3d5863
          Size/MD5:   171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
          Size/MD5:   171848 af9ca78febc5bc0c7936296dab958349
          Size/MD5:    91884 2857d60b507b28c736f83815c9f3d1b8
          Size/MD5:    35906 202b5b233af0d26e29ca7302cf7fd04c
          Size/MD5:   261418 c90342706ac26682d15032a5ba5cb51a
          Size/MD5:   131850 951a4573901bc2f10d5febf940d57516

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   859126 afdd8642ca447fc9dc70dfed92be0fa6
          Size/MD5:   219898 6d9c9f924d2356bf9d3438a280870a7d
          Size/MD5:   215602 dd554132cdea0f860e01cf5d4e0dbc7c
          Size/MD5:   219378 7a1f4b325dacef287c901fa66680c04e
          Size/MD5:   171096 a0e2547d38ef1b84dc419d69e42ffa0b
          Size/MD5:   171864 200ab662b2c13786658486df37fda881
          Size/MD5:   103628 ae36642fbd4698bb362fa4bf9417b0e3
          Size/MD5:    35910 358027282f2f19451d3aa784dc0474dc
          Size/MD5:   280950 0d9b56ec076da25e2a03f6d3c6445057
          Size/MD5:   141074 f5d3d5e0e5911e0c0156ae55af50f87b

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   803440 d66da6a91c08956c3c5062668349ef41
          Size/MD5:   209970 57f0a8f823a4502ee9a2608e3181cc81
          Size/MD5:   205582 1dcfb0df796e85c409f614544ea589fe
          Size/MD5:   209330 6bf7ae824eea35d3487febef384fce91
          Size/MD5:   171080 1088337f4abcb6c8f65751b6120c2307
          Size/MD5:   171868 5cda04cd73a9c6d8dfc18abd55c09ebd
          Size/MD5:    92972 850ab3bb0904e8fe9b6255c42ba7f84c
          Size/MD5:    35904 7af260b95c4faa17ef34810fed888caf
          Size/MD5:   267550 08182a8a2cab00fc0e6bca2cccf5165f
          Size/MD5:   129760 a60606c6d2f12209b0bdae997be4a13f

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   116265 2732761b18dfb3c2cd1aa0b54c2cf623
          Size/MD5:     1148 4b9c4612469c521db0c5fdbe2f6b9b25
          Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

  Architecture independent packages:

          Size/MD5:  2124550 8d5c30342b35f9fd595fb09d7659b6fc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   836342 2c4ba483b0b20fdc2d43819109177941
          Size/MD5:   227390 e61cc1998f5b8f2c44dce587e59d288a
          Size/MD5:   222376 6bdbff7f7f80fd464d1e3ec52d6e7171
          Size/MD5:   226848 4356b4caf2b40f364c8893c41b9f9355
          Size/MD5:   171304 c4395af051e876228541ef5b8037d979
          Size/MD5:   172074 99dadc4ad0f0947f9368d89f4589d95a
          Size/MD5:    94204 30f3bb8c72575fe93940ecc730b8e4b6
          Size/MD5:    36152 ea3cbefcbee7e2f6e5555edb44733ad9
          Size/MD5:   286544 d555931490d44d93bec31c4bfc19ed12
          Size/MD5:   145014 3e06ceb0a55598d82f9f781c44e210b3

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   806938 050bb7665332d3761e1a8e47939fa507
          Size/MD5:   209556 ee530b24aba8838001ebb6c901bc90cd
          Size/MD5:   205718 b52a17c63909eae3c49bad0ab1958f4b
          Size/MD5:   209158 1844fa5e09224a90944f8b886ddb5a2a
          Size/MD5:   171296 9de8aba41f7e3d60f41536ca712adebb
          Size/MD5:   172078 01ccd554177364747b08e2933f121d2c
          Size/MD5:    93240 4573597317416869646eb2ea42cd0945
          Size/MD5:    36150 77666d65bade6a91bd58826c79f11dc9
          Size/MD5:   266390 a3963d8e76f6865404f7fadb47880c87
          Size/MD5:   137604 387f6bcdaa58dbbe53082241b3231844

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   865372 27d7f1de1fcb2114d3f3b0a774302488
          Size/MD5:   221542 1ae8fa5cf4b77f3b2aa054e2886e587e
          Size/MD5:   217044 9134983c40107f79fcac8d1eacbc7117
          Size/MD5:   221324 b435dc09c63ecbcd564a0923a8f07350
          Size/MD5:   171296 6d2a0abfb7a1daaeae56559eeb322dcb
          Size/MD5:   172064 ecc2037409554ea43c5a6848aa510c76
          Size/MD5:   104654 d0957d8df044c4a34437241792ed97d1
          Size/MD5:    36148 34e102e1d2e1c6a6f31801dfb98cb82a
          Size/MD5:   284548 c8f325ccc42cbe77191d4ddd9abc2a4e
          Size/MD5:   144238 82cfbfcec5fc4931078145af8947c035

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   811594 d8548e537fd81994bbb638e105dfbf8b
          Size/MD5:   212160 81cd0197ff89b79c967c1074ede9f8d7
          Size/MD5:   207870 5d80ed8dc39b0d4d59fccb747624a684
          Size/MD5:   211578 9407383d85db831dab728b39cce9acc8
          Size/MD5:   171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
          Size/MD5:   172064 06e3e765d799e281dba7329ff9d9e138
          Size/MD5:    93796 1048b47b289fb2047fa9ac7ebbe94a57
          Size/MD5:    36150 0d106a177aa4271b1cfc0e96eec1a748
          Size/MD5:   268444 3912123e7c71cc638132305ca89fe23b
          Size/MD5:   130626 f4444e0239c2da7d3c31e3486606f95a

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:   112120 f7b1a17718aed7ca73da3a6d7aad06b0
          Size/MD5:     1128 e82b1bee591fff50d6673ed1a443e543
          Size/MD5:  6342475 f72ffb176e2dc7b322be16508c09f63c

  Architecture independent packages:

          Size/MD5:  2199184 c03756f87cb164213428532f70e0c198
          Size/MD5:   272064 5be351f491f8d1aae9a270d1214e93e3
          Size/MD5:  6674104 bdbabf8f478562f0e003737e977ffc7b
          Size/MD5:    38668 9f0c7c01e8441285c084002eb4619065

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

          Size/MD5:   449624 1b54a8000c40eaaa0f9e31527b9bb180
          Size/MD5:   445346 d15625641a3247fbf5d9d9b9aed34968
          Size/MD5:   449208 55f39c28a4de98d53f80231aeb7d6c59
          Size/MD5:   403570 0042c75be8a2d128d62b79398deaefa8
          Size/MD5:   404138 929772b95ea67f338ad423a65b2b7011
          Size/MD5:   341312 906819b0de863209575aa65d39a594a5
          Size/MD5:   971462 f85e32c5f6437ce149553aee97ffd934

  i386 architecture (x86 compatible Intel/AMD)

          Size/MD5:   432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
          Size/MD5:   428856 f506f2a9dd2dbd5c2d3f72a476cc3537
          Size/MD5:   432314 a5a11947ad8cf14604efa7ddcfd20bfe
          Size/MD5:   403574 da84a3a99276f14a11ac892ce7eee170
          Size/MD5:   404138 0fdd43a53e6957aa3a348a7bd9c876f5
          Size/MD5:   340396 88a0ddbc58335416d91c9f10adc9d5f5
          Size/MD5:   929716 138d58487b882e6002e3c5e4a9489add

  powerpc architecture (Apple Macintosh G3/G4/G5)

          Size/MD5:   451530 ddc437092ef642fcd396713cd1972f4c
          Size/MD5:   446960 af1b667708e062f81bca4e995355394d
          Size/MD5:   450940 ed9f31ec5045a88446115987c6e97655
          Size/MD5:   403574 65801ab51335a15dc370b9341a0e50dd
          Size/MD5:   404146 fd35e65fadd836feb0190b209947b466
          Size/MD5:   360518 b74bc9eead429cd8f0ebecd6a94e5edb
          Size/MD5:  1073812 376fe5b1ee383a6d870eea5dd3c6a704

  sparc architecture (Sun SPARC/UltraSPARC)

          Size/MD5:   434408 c70ef2e9aed191fe53886ceb3725596e
          Size/MD5:   430574 7b690896da23a151ee5e106d596c1143
          Size/MD5:   433918 cc01edfcfc673ba9a86c83fcc66e6870
          Size/MD5:   403568 a7660cff70394403c764cf8f30c7298a
          Size/MD5:   404136 b8587d5eba0be59a6576d6cf645b2122
          Size/MD5:   343370 1572a001a612add57d23350210ac1736
          Size/MD5:   938586 b74a91fcfbb0503355e94981310bd1ce


Ubuntu: Apache vulnerabilities USN-499-1, August 20, 2007