[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of apache fixes denial of services



We have received a report from Dag-Erling Coidan Smørgrav who says
that the apache as distributed with Debian GNU/Linux 2.0 is vulnerable
to a denial of services exploit, where repeated, identical headers
can consume O(n^2) memory.

We recommend you upgrade your apache package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian was released only for the Intel and the
  Motorola 68xxx architecture.

    ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5.diff.gz
      MD5 checksum: ce19f3993e469bd862c6160ba2809ed9
    ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5.dsc
      MD5 checksum: e8fc0dd9660fc17ba7423ae2235e9463
    ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_i386.changes
      MD5 checksum: 0470ab9f66a70b3ad4745a902983be7c

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_i386.deb
      MD5 checksum: 3b3741bbf86e104babecffbc658203dd

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_m68k.deb
      MD5 checksum: 9187faca2e84f5b43439b29d814c7fe3


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon.


For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpM7vK6buEJT.pgp
Description: PGP signature


Reply to: