------------------------------------------------------------------------
Debian Security Advisory DSA-135-1
Debian -- Security Information                     Robert van der Meulen
July 2, 2002
------------------------------------------------------------------------

Package        : libapache-mod-ssl
Problem type   : buffer overflow / DoS
Debian-specific: no

The libapache-mod-ssl package provides SSL capability to the apache webserver.

Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all through specially crafted .htaccess files.

More information about this vulnerability can be found at

This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package (for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody). We recommend you upgrade as soon as possible.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Packages for m68k are not available at this moment.
These packages will be moved into the stable distribution on its next revision.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Packages for ia64 and hppa are not available for the moment.

--
----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main
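To confirm that a host already carries one of the fixed packages named in the advisory, compare the installed version against the fixed one using Debian's own version ordering. The script below is an added example, not part of the Debian advisory; the function names and the release argument are assumptions, and it relies on `dpkg --compare-versions` and `dpkg-query`.

```shell
#!/bin/sh
# Added example: the fixed versions are quoted from DSA-135-1; the function
# names and the RELEASE argument are assumptions made for this sketch.
PKG=libapache-mod-ssl

# fixed_version RELEASE -> prints the first fixed version for that release.
fixed_version() {
    case "$1" in
        potato) echo '2.4.10-1.3.9-1potato2' ;;
        woody)  echo '2.8.9-2' ;;
        *)      return 1 ;;
    esac
}

# classify RELEASE VERSION -> prints "fixed" or "vulnerable".
# Returns 2 when the release is not one the advisory covers.
classify() {
    fixed=$(fixed_version "$1") || { echo "unknown release: $1" >&2; return 2; }
    # dpkg applies Debian's ordering (epoch, upstream version, revision).
    # A plain string compare would rank 2.8.10-1 below 2.8.9-2, and would
    # mis-split the potato version, whose upstream part contains a hyphen.
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# check_host RELEASE -> classifies the version installed on this machine,
# or prints "not-installed" (also for removed-but-not-purged packages).
check_host() {
    info=$(dpkg-query -W -f='${Status} ${Version}' "$PKG" 2>/dev/null) || info=
    case "$info" in
        'install ok installed '*) classify "$1" "${info##* }" ;;
        *) echo not-installed ;;
    esac
}
```

Run `check_host potato` or `check_host woody` on the machine in question; `classify` can also be fed versions collected from an inventory.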
A critical DoS issue in libapache-mod-ssl affects Debian users; update now to protect against exploits! Severity: Critical. LinuxSecurity.com Team
Jul 02, 2002