
Bug#551727: apache2: CVE-2009-1890 - backport patch from Apache 2.2.12



Package: apache2.2-common
Version: 2.2.9-10+lenny4
Severity: normal


See http://httpd.apache.org/security/vulnerabilities_22.html - there is a
mod_proxy DoS attack vulnerability that should be fixed in some of the next
revisions of the apache2 Debian packages.

-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi dir env mime negotiation perl
  php5 proxy_connect proxy_http proxy python security2 setenvif
  status unique_id

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork      2.2.9-10+lenny4 Apache HTTP Server - traditional n

apache2 recommends no packages.

apache2 suggests no packages.

Versions of packages apache2.2-common depends on:
ii  apache2-utils       2.2.9-10+lenny4      utility programs for webservers
ii  libapr1             1.2.12-5+lenny1      The Apache Portable Runtime Librar
ii  libaprutil1         1.2.12+dfsg-8+lenny4 The Apache Portable Runtime Utilit
ii  libc6               2.7-18               GNU C Library: Shared libraries
ii  libmagic1           4.26-1               File type determination library us
ii  libssl0.9.8         0.9.8g-15+lenny5     SSL shared libraries
ii  lsb-base            3.2-20               Linux Standard Base 3.2 init scrip
ii  mime-support        3.44-1               MIME files 'mime.types' & 'mailcap
ii  net-tools           1.60-22              The NET-3 networking toolkit
ii  perl                5.10.0-19lenny2      Larry Wall's Practical Extraction 
ii  procps              1:3.2.7-11           /proc file system utilities
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

-- no debconf information


