
Bug#441845: marked as done (CVE-2007-3847: apache2 denial of service vulnerability (for threaded MPMs) in mod_proxy)



Your message dated Sun, 16 Sep 2007 21:33:38 +0200
with message-id <200709162133.38244.sf@sfritsch.de>
and subject line fixed in 2.2.6-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: apache2
Severity: critical
Justification: root security hole
Tags: security

*** Please type your report below this line ***

A security hole has been disclosed on the Apache web site.
http://httpd.apache.org/security/vulnerabilities_22.html

Although it is disclosed as a denial of service, it seems
to involve a buffer overflow, and thus allow remote code
execution under the apache account. I can confirm, from
attacks in systems of a customer, that this is actually the case.

As I have not seen any security upgrade from 4th of September,
date of the disclosure, I request this issue to be fixed.


Ramon Garcia
Systems Administrator
ramon.garcia@kotasoft.com
http://www.kotasoft.com

-- System Information:
Debian Release: 4.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-vserver-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)




--- End Message ---
--- Begin Message ---
Version: 2.2.6-1

This was fixed in 2.2.6-1


--- End Message ---
