From martin.pitt@canonical.com Tue Aug 30 04:02:01 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Tue, 30 Aug 2005 09:37:58 +0200 Subject: [Full-disclosure] [USN-173-3] Fixed apache2 packages for USN-173-2 =========================================================== Ubuntu Security Notice USN-173-3 August 30, 2005 apache2 bug fix https://bugzilla.ubuntu.com/show_bug.cgi?id=14209 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: apache2 apache2-mpm-perchild apache2-mpm-prefork apache2-mpm-threadpool apache2-mpm-worker The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.6. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-173-2 fixed a vulnerability in Apache's regular expression parser. However, the packages from that advisories had a bug that prevented Apache from starting. This update fixes this. We apologize for the inconvenience! Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.5.diff.gz Size/MD5: 99882 ba75cdce6b8d9b676db0f3f3077d6cef http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.5.dsc Size/MD5: 1151 c7c07a7eec977385e707df1430fd8976 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.6.diff.gz Size/MD5: 99942 d3808b6a89224afbbb844b403bedeea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.6.dsc Size/MD5: 1151 05f6d44fa32835b96aac9ad1b3f61a53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.6_all.deb Size/MD5: 3178580 b9e4b27be0c87c6496b4bd1fba6a2206 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.6_all.deb Size/MD5: 163980 dd0ffcd15f73528786472e9d7105170f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.6_all.deb Size/MD5: 164728 cb81b3ff102702047547f7483eb43599 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 864894 5c80221b63d06bd29d40809c1c6cda06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 230608 3142f227e3b2aea23b13fa52af3d9ab8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 225820 569b3ae00b21e377ce36956adda4438b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 229206 ef6c0a16e31dc9ade5d0ab2921dc8cb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 229792 2cf2124ce1e968859e6f8948e31ebd5d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 30218 f0f6b693acf1c58bfa339c3c3609f470 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 275718 f0cdf8df63ac7b536286317c3a952ef9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.6_amd64.deb Size/MD5: 133664 d99f9a42075861b9576ff30b8a492fd7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 826316 2de9161ae1be77b309d8b36a59e39668 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 209618 a03533480dee36fa8bccf4829ca7cbe4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 205824 135a731068362a3355a14f083b10debf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 208470 f4c9e5097975cc5764f8132e8428e9c8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 208892 b2baecaff56787234c6ac23f7f1a6c91 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 30216 e7d9586600d10c6b7402759cf804f56a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 253674 e8ff58d9d144cf66df8535868668e3d5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.6_i386.deb Size/MD5: 124396 d2dc8f3aa69c032d36a253f460f968e3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 904116 877a379b0b9a7e9b30ca957d59b521d5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 223174 94733a13950b8003a2c4eed9eb8891a9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 218222 f0e634c364da387fb5ce25bbf5d4ee30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 221360 98ab87591d0d3c056ee743d89ce021e4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 222028 dd83ac0f7d4357287a8de32ab8cd5f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 30222 27d671228a56cc3e30873ffbc019e371 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 269472 96c902979c63e587c0c1d96d3cf9113f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.6_powerpc.deb Size/MD5: 131000 48382af5f24dec72a14d1c6261b6ffe5 [ Part 1.2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ] [ Part 2: "Attached Text" ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/