------------------------------------------------------------------------
Debian Security Advisory DSA-135-1                   security@debian.org 
Debian -- Security Information  Robert van der Meulen
July  2, 2002
------------------------------------------------------------------------


Package        : libapache-mod-ssl
Problem type   : buffer overflow / DoS
Debian-specific: no

The libapache-mod-ssl package provides SSL capability to the apache
webserver.
Recently, a problem has been found in the handling of .htaccess files,
allowing arbitrary code execution as the web server user (regardless of
ExecCGI / suexec settings), DoS attacks (killing off apache children), and
allowing someone to take control of apache child processes - all trough
specially crafted .htaccess files.
More information about this vulnerability can be found at
 
 

This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
(for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody) .
We recommend you upgrade as soon as possible.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  Packages for m68k are not available at this moment.

  Source archives:

      
MD5 checksum:	5b2cb207ba8214f52ffbc28836dd8dc4
      
MD5 checksum:	29eef2b3307f00d92eb425ac669dabec
      
MD5 checksum:	cb0f2e07065438396f0d5df403dd2c16

  Architecture independent packages:

      
MD5 checksum:	ebd8154f614e646b3a12980c8db606b6

  alpha architecture (DEC Alpha)

      
MD5 checksum:	a3d73598e692b9c0bb945a52a00a363c

  arm architecture (ARM)
      
MD5 checksum:	11e1085504430cacadd0255a0743b80a

  i386 architecture (Intel ia32)
      
MD5 checksum:	a1fd7d6a7ef3506ee0f94e56735d3d08

  powerpc architecture (PowerPC)
      
MD5 checksum:	0f01742c2a77f2728baea4e1e9ad7ff0

  sparc architecture (Sun SPARC/UltraSPARC)
      
MD5 checksum:	4982a209adc93acbf50a650a3569d217

  These packages will be moved into the stable distribution on its next
  revision.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
  mipsel, powerpc, s390 and sparc.
  Packages for ia64 and hppa are not available for the moment.

  Source archives:

      
MD5 checksum:	7cce5c97bd3cf35c8782d54a25138165
      
MD5 checksum:	fc9f20e6d3bece6f0d3bad067c61d56a

  Architecture independent packages:
      
MD5 checksum:	541257e99c523141625f5fc43fb3dec4

  alpha architecture (DEC Alpha)
      
MD5 checksum:	712e406d8be713047f3e46bbf58269a5

  arm architecture (ARM)
      
MD5 checksum:	8ce3d4d45f45423a6c6b7d795c319d33

  i386 architecture (intel ia32)
      
MD5 checksum:	06733dc49c228230e5713f34eae7f8b0

  m68k architecture
      
MD5 checksum: 	e5a8518aac6d08bb5e9cc50195d336e3

  mips architecture
      
MD5 checksum:	dde883d6ee72f3b29fc324d9cb497670

  mipsel architecture
      
MD5 checksum:	a80756857248358c7973a5b0fb9372e2

  powerpc architecture (PowerPC)
      
MD5 checksum:	715876a54ddddf1e17e4c2ec9d2f5eea

  s390 architecture (S390)
      
MD5 checksum:	1a31f564ceba0ca82d9892d023caffd0

--
----------------------------------------------------------------------------
apt-get: deb  Debian -- Security Information  stable/updates main
dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: 'libapache-mod-ssl' Buffer overflow / DoS

July 2, 2002
Recently, a problem has been found in the handling of .htaccess files,allowing arbitrary code execution as the web server user (regardless ofExecCGI / suexec settings), DoS attacks...

Summary

Package : libapache-mod-ssl
Problem type : buffer overflow / DoS
Debian-specific: no

The libapache-mod-ssl package provides SSL capability to the apache
webserver.
Recently, a problem has been found in the handling of .htaccess files,
allowing arbitrary code execution as the web server user (regardless of
ExecCGI / suexec settings), DoS attacks (killing off apache children), and
allowing someone to take control of apache child processes - all trough
specially crafted .htaccess files.
More information about this vulnerability can be found at



This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
(for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody) .
We recommend you upgrade as soon as possible.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Packages for m68k are not available at this moment.

Source archives:


MD5 checksum: 5b2cb207ba8214f52ffbc28836dd8dc4

MD5 checksum: 29eef2b3307f00d92eb425ac669dabec

MD5 checksum: cb0f2e07065438396f0d5df403dd2c16

Architecture independent packages:


MD5 checksum: ebd8154f614e646b3a12980c8db606b6

alpha architecture (DEC Alpha)


MD5 checksum: a3d73598e692b9c0bb945a52a00a363c

arm architecture (ARM)

MD5 checksum: 11e1085504430cacadd0255a0743b80a

i386 architecture (Intel ia32)

MD5 checksum: a1fd7d6a7ef3506ee0f94e56735d3d08

powerpc architecture (PowerPC)

MD5 checksum: 0f01742c2a77f2728baea4e1e9ad7ff0

sparc architecture (Sun SPARC/UltraSPARC)

MD5 checksum: 4982a209adc93acbf50a650a3569d217

These packages will be moved into the stable distribution on its next
revision.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
mipsel, powerpc, s390 and sparc.
Packages for ia64 and hppa are not available for the moment.

Source archives:


MD5 checksum: 7cce5c97bd3cf35c8782d54a25138165

MD5 checksum: fc9f20e6d3bece6f0d3bad067c61d56a

Architecture independent packages:

MD5 checksum: 541257e99c523141625f5fc43fb3dec4

alpha architecture (DEC Alpha)

MD5 checksum: 712e406d8be713047f3e46bbf58269a5

arm architecture (ARM)

MD5 checksum: 8ce3d4d45f45423a6c6b7d795c319d33

i386 architecture (intel ia32)

MD5 checksum: 06733dc49c228230e5713f34eae7f8b0

m68k architecture

MD5 checksum: e5a8518aac6d08bb5e9cc50195d336e3

mips architecture

MD5 checksum: dde883d6ee72f3b29fc324d9cb497670

mipsel architecture

MD5 checksum: a80756857248358c7973a5b0fb9372e2

powerpc architecture (PowerPC)

MD5 checksum: 715876a54ddddf1e17e4c2ec9d2f5eea

s390 architecture (S390)

MD5 checksum: 1a31f564ceba0ca82d9892d023caffd0

--
----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org





Severity

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved