Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-65-1: Apache utility script vulnerability
Posted by Philipp Esselbach on: 01/19/2005 03:40 PM [ Print | 0 comment(s) ]
An updated Apache utility script has been released for Ubuntu Linux 4.10
===========================================================
Ubuntu Security Notice USN-65-1 January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
apache-utils
The problem can be corrected by upgrading the affected package to version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
===========================================================
Ubuntu Security Notice USN-65-1 January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
apache-utils
The problem can be corrected by upgrading the affected package to version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Javier Fernandez-Sanguino Pefa noticed that the "check_forensic" script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubu
ntu0.4.diff.gz
Size/MD5: 369655 7ec465eece404f6ddd1d45a8292b1fe6
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubu
ntu0.4.dsc
Size/MD5: 1102 9165d920ac5f269f5abf886ee392613c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig
.tar.gz
Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-
6ubuntu0.4_all.deb
Size/MD5: 329424 f05e89912051a57e3a0f4b439d813bcf
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3
.31-6ubuntu0.4_all.deb
Size/MD5: 1186432 b7490f2099b1bd5b512cb2dba9fc3fcf
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_amd64.deb
Size/MD5: 873090 4de4ad38fa7021c3666349134f3f3939
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_amd64.deb
Size/MD5: 9131010 8dfb8f02f5cd07223069a08c3156a015
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_amd64.deb
Size/MD5: 520354 81033c5317f6d50b69a796df54f56f90
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_amd64.deb
Size/MD5: 510288 f986a142140d051b3d2590e7add86a54
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_amd64.deb
Size/MD5: 271078 bcb58f9b5a102f4109a0e6bd7b80a1c1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_amd64.deb
Size/MD5: 397916 6f039537fd6365bd5627a6004f445e45
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_amd64.deb
Size/MD5: 491306 86f3c435f888d78e6a03456af0eb7101
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_i386.deb
Size/MD5: 838326 6e8c39afade6e140502592602c180f81
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_i386.deb
Size/MD5: 9080282 3555a952ded8b3370691d8585163587a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_i386.deb
Size/MD5: 494050 62489a77ba210430b8803aea05be968c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_i386.deb
Size/MD5: 483720 5cc3c2014e2b30b1a0906c2748d6bef3
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_i386.deb
Size/MD5: 264974 65e6aed85dd4ac7c1485f8eae951788f
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_i386.deb
Size/MD5: 377152 55d3b656566987d140d2677d1c0de61c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_i386.deb
Size/MD5: 484640 da71290705c6f6f6faf1d6dc254bf4a6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_powerpc.deb
Size/MD5: 917362 652d1cd08236a6557e44d87b67e4dd16
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_powerpc.deb
Size/MD5: 9225702 033e91323439c25a000b604423d71d46
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 511036 e66e2283e7a70758989198fbf9ebb613
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_powerpc.deb
Size/MD5: 506852 a8bd4a1633e5d6c8ba51d01134fee992
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_powerpc.deb
Size/MD5: 278286 b25fd9ebbeeafeeb3867828251218d08
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_powerpc.deb
Size/MD5: 395396 4eafd593de2508a0c574929718476320
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_powerpc.deb
Size/MD5: 488664 74541bd75de68e04a43cf61c3c7a276f
Javier Fernandez-Sanguino Pefa noticed that the "check_forensic" script created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubu
ntu0.4.diff.gz
Size/MD5: 369655 7ec465eece404f6ddd1d45a8292b1fe6
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31-6ubu
ntu0.4.dsc
Size/MD5: 1102 9165d920ac5f269f5abf886ee392613c
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache_1.3.31.orig
.tar.gz
Size/MD5: 3104170 ca475fbb40087eb157ec51334f260d1b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-dev_1.3.31-
6ubuntu0.4_all.deb
Size/MD5: 329424 f05e89912051a57e3a0f4b439d813bcf
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-doc_1.3
.31-6ubuntu0.4_all.deb
Size/MD5: 1186432 b7490f2099b1bd5b512cb2dba9fc3fcf
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_amd64.deb
Size/MD5: 873090 4de4ad38fa7021c3666349134f3f3939
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_amd64.deb
Size/MD5: 9131010 8dfb8f02f5cd07223069a08c3156a015
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_amd64.deb
Size/MD5: 520354 81033c5317f6d50b69a796df54f56f90
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_amd64.deb
Size/MD5: 510288 f986a142140d051b3d2590e7add86a54
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_amd64.deb
Size/MD5: 271078 bcb58f9b5a102f4109a0e6bd7b80a1c1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_amd64.deb
Size/MD5: 397916 6f039537fd6365bd5627a6004f445e45
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_amd64.deb
Size/MD5: 491306 86f3c435f888d78e6a03456af0eb7101
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_i386.deb
Size/MD5: 838326 6e8c39afade6e140502592602c180f81
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_i386.deb
Size/MD5: 9080282 3555a952ded8b3370691d8585163587a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_i386.deb
Size/MD5: 494050 62489a77ba210430b8803aea05be968c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_i386.deb
Size/MD5: 483720 5cc3c2014e2b30b1a0906c2748d6bef3
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_i386.deb
Size/MD5: 264974 65e6aed85dd4ac7c1485f8eae951788f
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_i386.deb
Size/MD5: 377152 55d3b656566987d140d2677d1c0de61c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_i386.deb
Size/MD5: 484640 da71290705c6f6f6faf1d6dc254bf4a6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-common_1.3.
31-6ubuntu0.4_powerpc.deb
Size/MD5: 917362 652d1cd08236a6557e44d87b67e4dd16
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-dbg_1.3
.31-6ubuntu0.4_powerpc.deb
Size/MD5: 9225702 033e91323439c25a000b604423d71d46
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-perl_1.
3.31-6ubuntu0.4_powerpc.deb
Size/MD5: 511036 e66e2283e7a70758989198fbf9ebb613
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache-ssl_1.3
.31-6ubuntu0.4_powerpc.deb
Size/MD5: 506852 a8bd4a1633e5d6c8ba51d01134fee992
http://security.ubuntu.com/ubuntu/pool/main/a/apache/apache-utils_1.3.3
1-6ubuntu0.4_powerpc.deb
Size/MD5: 278286 b25fd9ebbeeafeeb3867828251218d08
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/apache_1.3.31-
6ubuntu0.4_powerpc.deb
Size/MD5: 395396 4eafd593de2508a0c574929718476320
http://security.ubuntu.com/ubuntu/pool/universe/a/apache/libapache-mod-
perl_1.29.0.2-14ubuntu0.1_powerpc.deb
Size/MD5: 488664 74541bd75de68e04a43cf61c3c7a276f
