USN-239-1: libapache2-mod-auth-pgsql vulnerability
Posted on: 01/09/2006 10:32 AM

A new libapache2-mod-auth-pgsql vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-239-1 January 09, 2006
libapache2-mod-auth-pgsql vulnerability
CVE-2005-3656
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libapache2-mod-auth-pgsql

The problem can be corrected by upgrading the affected package to
version 2.0.2b1-2ubuntu0.1 (for Ubuntu 4.10), 2.0.2b1-5ubuntu0.1 (for
Ubuntu 5.04), or 2.0.2b1-6ubuntu0.1 (for Ubuntu 5.10). After a
standard system upgrade you need to restart the Apache 2 server to
effect the necessary changes:

sudo /etc/init.d/apache2 restart

Details follow:

Several format string vulnerabilities were discovered in the error
logging handling. By sending specially crafted user names, an
unauthenticated remote attacker could exploit this to crash the Apache
server or possibly even execute arbitrary code with the privileges of
Apache (user 'www-data').

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1.diff.gz
Size/MD5: 3333 92b6b02989c62a28214e6691ff09bb50
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1.dsc
Size/MD5: 709 d4c469c2bc7fe0735ba9f59a504ff554
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_amd64.deb
Size/MD5: 19802 b1e6729a94175772ee2cac63ea2da13d

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_i386.deb
Size/MD5: 18974 178de9440075d3694ed1f4af72773daa

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-2ubuntu0.1_powerpc.deb
Size/MD5: 20368 e872d0f306e7906b9d4205b9e24eff8e

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1.diff.gz
Size/MD5: 5078 c95a57458bc15935390275860fc65894
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1.dsc
Size/MD5: 724 d32ade3227241ac2b26d70f755d0bdfe
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_amd64.deb
Size/MD5: 20104 4c7840fa3e2c912f926e025be838b011

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_i386.deb
Size/MD5: 19270 e07b1d6409abe38dc4fa3f67701846e1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5ubuntu0.1_powerpc.deb
Size/MD5: 20738 b6feefa3f30174ae9368af78eed30b6f

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1.diff.gz
Size/MD5: 5173 33ce214fcaa05c8bde42809d9407368b
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1.dsc
Size/MD5: 708 ded1588c8d8cf28128cde3d71f567201
http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
Size/MD5: 15928 e2c032df0cd7e4a46381dcf6e488efe9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_amd64.deb
Size/MD5: 20348 68f6cfd60cbf7e6f2cad792bfaf5177a

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_i386.deb
Size/MD5: 19092 52712f3b790ea61ef60aa8734d55baac

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-6ubuntu0.1_powerpc.deb
Size/MD5: 21122 69d5ec8ec12d43c03dead9fee1135bab

--dDRMvlgZJXvWKvBx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDwhviDecnbV4Fd/IRAmpQAJ4xQNc4vEGb+9m0paWOD/U+On0k7QCg0/dw
qe/oAOPCPtLXuLs93PPJchM=
=P/zO
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_239_1_libapache2_mod_auth_pgsql_vulnerability.html)