Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution

To: Steve Suehring <dsec@braingia.org>
Cc: adam-debian-security@gmi.com, debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
From: Lupe Christoph <lupe@lupe-christoph.de>
Date: Thu, 18 Nov 2004 11:04:34 +0100
Message-id: <1100772274.419c73b272e26@buexe.b-5.de>
In-reply-to: <20041118012628.GA25576@mail.braingia.org>
References: <20041118011300.GA25381@mail.braingia.org> <20041118012628.GA25576@mail.braingia.org>

Quoting Steve Suehring <dsec@braingia.org>:

> If I'm not mistaken the vulnerabilities existed in two files found in
> apache-common.  Since apache-common is a prerequisite for apache-ssl,
> updating apache-common should correct the vulnerability.  I could be
> wrong and I'm sure someone will correct me if I am.  :)

You are correct. The files are /usr/bin/htpasswd and
/usr/lib/apache/1.3/mod_include.so. Both are indeed in apache-common.

Otherwise, the apache-perl package might be affected too. Not only
apache-ssl.

HTH,
Lupe Christoph
-- 
| lupe@lupe-christoph.de       |           http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like   |
| covering yourself with barbecue sauce and breaking into the Charity    |
| Home for Badgers with Rabies.                            Michael Lucas |

Reply to:

References:
- Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
  - From: Steve Suehring <dsec@braingia.org>

Prev by Date: Re: any DSA for CAN-2004-0930
Next by Date: Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
Previous by thread: Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA-594-1] New Apache packages fix arbitrary code execution
Index(es):
- Date
- Thread