Ubuntu 6310 Published by

An Apache2 security update is available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-23-1 November 11, 2004
apache2 vulnerability
CAN-2004-0942
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache2-mpm-perchild
apache2-mpm-prefork
apache2-mpm-threadpool
apache2-mpm-worker

The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.1. In general, a standard system upgrade is sufficient to effect the necessary changes.



Details follow:

Chintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts of memory, which can render the service unavailable.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.diff.gz
Size/MD5: 97967 cf0c1c891580db78dcc5446a767ac000
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1.dsc
Size/MD5: 1151 0a7f762f4626fde4e303c1cc4d9ba78c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50.orig.tar.gz
Size/MD5: 6321209 9d0767f8a1344229569fcd8272156f8b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 3178054 82b91224019b7e1ebcb04ce6dab1839d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 163482 755fa2140e2cbc1242c56525614555a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.50-12ubuntu4.1_all.deb
Size/MD5: 164232 e79331594b1b564c3fa7d71ff01a3db7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 864366 b9d51742d0d08c0f1afd96ad2ae691da
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 230102 d0b900d7e94f54e102492328c58d1893
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 225242 fd5d08467e04612d7e0094502c9b6565
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 228684 c40e8b7c350bc15339404a906a7901a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 229262 1cfd8eb69f072c2cfd2b4c2cca68814b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 29710 cfcf4d17b8d836b58abdd6afc85913ec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 275206 ccaea19446f99022bcd3d8c7006d861e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_amd64.deb
Size/MD5: 133148 0fa8b4ab41df7319e233ac142e08c938

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 825680 823bf43c10f5afb125458c02e06bd422
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 209084 f7114acd490b347bcc175f30b1d496da
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 205306 8815b7c99177c33edfa94ba5c0359416
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 207946 193b3f6c0710dc80b8acf08b951bc2f6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 208388 7d11333a5ec1876f99030dd958c9a43f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 29706 af8f749040fca22310e315d310331ce1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 253176 9c4587c217ba98d6b63b50d18f5a7ba6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_i386.deb
Size/MD5: 123872 5367a153ef8c66a4307b1250b3321d7f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 903480 12c41213108120eabb9cafd2ab97af79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 222718 5054b3fc46baeea33ccb1c7677c49097
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 217722 79d6763364edccb0571a9918e9e7f595
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-threadpool_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 220892 01df3447f3668931d3ee7f3a055d1b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 221500 62851f812cba3ee3df558cdcc3ab5d33
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 29716 8148f425dac482351c32fbce31b37e8b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 268974 71585a0eee76b026e0623f526da43fc0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.50-12ubuntu4.1_powerpc.deb
Size/MD5: 130482 16e3a998f505e6a8dc0c8c48909c4886