--------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-019
http://www.skolelinux.no/security/                     Morten Werner Olsen
November 22, 2004              debian-edu-security@lists.alioth.debian.org
--------------------------------------------------------------------------

Package              : apache (apache apache-common)
Vulnerability        : buffer overflows
Need reboot          : no
Debian-Edu-specific  : no
CVE ID               : CAN-2004-0940
DSA ID               : DSA-594-1
DSA URL              : http://www.debian.org/security/2004/dsa-594

Two vulnerabilities have been identified in the Apache 1.3 webserver.

"Crazy Einstein" has discovered a vulnerability in the "mod_include"
module, which can cause a buffer to be overflowed and could lead to the
execution of arbitrary code.

Larry Cashdollar has discovered a potential buffer overflow in the
htpasswd utility, which could be exploited when user-supplied input is
passed to the program via a CGI (or PHP, or ePerl, ...) program.

We recommend that you update your apache packages.

Upgrade Instructions
--------------------

Make sure the line

  deb http://security.debian.org/ stable/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get install apache apache-common apache-doc'

to upgrade your apache packages.

--------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'