
Re: [SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling



I updated:
apache, apache-common and apache-utils

jp (no signature).

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 803-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> September 8th, 2005                     http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : apache
> Vulnerability  : programming error
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-2088
> Debian Bug     : 322607
>
> A vulnerability has been discovered in the Apache web server.  When it
> is acting as an HTTP proxy, it allows remote attackers to poison the
> web cache, bypass web application firewall protection, and conduct
> cross-site scripting attacks, which causes Apache to incorrectly
> handle and forward the body of the request.
>
> For the old stable distribution (woody) this problem has been fixed in
> version 1.3.26-0woody7.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 1.3.33-6sarge1.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 1.3.33-8.
>
> We recommend that you upgrade your Apache package.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFDH9OSW5ql+IAeqTIRAo8cAJ9wG0wUOQcSBszrarKnqWOs9IlwTACePEcf
> cDGL/fke9UfFWxj7FBIzBwM=
> =vhXI
> -----END PGP SIGNATURE-----



