Bug#351246: apache2: [CVE-2005-3357] DoS (crash) with mod_ssl

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#351246: apache2: [CVE-2005-3357] DoS (crash) with mod_ssl
From: intrigeri <intrigeri@boum.org>
Date: Fri, 03 Feb 2006 15:14:34 +0100
Message-id: <[🔎] 86irrwbkc5.fsf@intrigeri.boum.org>
Reply-to: intrigeri <intrigeri@boum.org>, 351246@bugs.debian.org

Package: apache2
Tags: security, sarge
Version: 2.0.54-5
Severity: important

Upstream reports a DoS issue in Apache:
http://issues.apache.org/bugzilla/show_bug.cgi?id=37791

This has been fixed in sid's apache2 2.0.55-4, but seems to remain
in sarge.

Impact does not seem to be substantial (very specific configuration
required), therefore I'm setting the severity to "important".

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-20050709
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages apache2 depends on:
ii  apache2-mpm-worker            2.0.54-5   high speed threaded model for Apac

-- no debconf information

-- 
  intrigeri <intrigeri@boum.org>

Reply to:

Prev by Date: Disattivazione completata.
Next by Date: Bug#351346: apache2-mpm-prefork: ssl engine don't work
Previous by thread: Disattivazione completata.
Next by thread: Bug#351346: apache2-mpm-prefork: ssl engine don't work
Index(es):
- Date
- Thread