[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DESA-2004-019 - apache: buffer overflows

- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-019
http://www.skolelinux.no/security/                      Morten Werner Olsen
November 22, 2004               debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : apache (apache apache-common)
Vulnerability       : buffer overflows
Need reboot         : no
Debian-Edu-specific : no
CVE ID              : CAN-2004-0940
DSA ID              : DSA-594-1
DSA URL             : http://www.debian.org/security/2004/dsa-594

Two vulnerabilities have been identified in the Apache 1.3
webserver. "Crazy Einstein" has discovered a vulnerability in the
"mod_include" module, which can cause a buffer to be overflown and
could lead to the execution of arbitrary code. Larry Cashdollar has
discovered a potential buffer overflow in the htpasswd utility, which
could be exploited when user-supplied is passed to the program via a
CGI (or PHP, or ePerl, ...) program.

We recommend that you update your apache packages.

Upgrade Instructions
- --------------------

Make sure the line

  deb http://security.debian.org/ stable/updates main contrib non-free

is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run

  'apt-get install apache apache-common apache-doc'

to upgrade your apache packages.

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'

Attachment: signature.asc
Description: Digital signature

Reply to: