
Re: [SECURITY] [DSA 2298-1] apache2 security update



I copied the configs directly over.

Stefan Fritsch <sf@debian.org> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- -------------------------------------------------------------------------
>Debian Security Advisory DSA-2298-1                   security@debian.org
>http://www.debian.org/security/                            Stefan Fritsch
>August 29, 2011                        http://www.debian.org/security/faq
>- -------------------------------------------------------------------------
>
>Package        : apache2
>Vulnerability  : denial of service
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2010-1452 CVE-2011-3192
>
>Two issues have been found in the Apache HTTPD web server:
>
>CVE-2011-3192
>
>A vulnerability has been found in the way the multiple overlapping
>ranges are handled by the Apache HTTPD server. This vulnerability
>allows an attacker to cause Apache HTTPD to use an excessive amount of
>memory, causing a denial of service.
>
>CVE-2010-1452
>
>A vulnerability has been found in mod_dav that allows an attacker to
>cause a daemon crash, causing a denial of service. This issue only
>affects the Debian 5.0 oldstable/lenny distribution.
>
>
>For the oldstable distribution (lenny), these problems have been fixed
>in version 2.2.9-10+lenny10.
>
>For the stable distribution (squeeze), this problem has been fixed in
>version 2.2.16-6+squeeze2.
>
>For the testing distribution (wheezy), this problem will be fixed soon.
>
>For the unstable distribution (sid), this problem has been fixed in
>version 2.2.19-2.
>
>We recommend that you upgrade your apache2 packages.
>
>This update also contains updated apache2-mpm-itk packages which have
>been recompiled against the updated apache2 packages. The new version
>number for the oldstable distribution is 2.2.6-02-1+lenny5. In the
>stable distribution, apache2-mpm-itk has the same version number as
>apache2.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-announce@lists.debian.org
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.11 (GNU/Linux)
>
>iD8DBQFOW/+Mbxelr8HyTqQRAn+CAJ9s4JT+blC4eMB2rKEB1dLjtiA1+wCgvJDp
>/oid/eRrQ5zmnSp+KQ0R+Cs=
>=Svdo
>-----END PGP SIGNATURE-----
>
>
>-- 
>Archive: http://lists.debian.org/E1Qy9Bx-0001rj-Ua@chopin.debian.org

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
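
Added example, not part of the thread or the advisory and not Apache's fix: a log-side check for the condition CVE-2011-3192 describes, a `Range` header carrying multiple overlapping ranges. The function names, the `MAX_RANGES` threshold and the flagging policy are assumptions made for illustration, and the headers in the test values are constructed.

```python
import re

# Hypothetical policy threshold: more ranges than this in one header is flagged.
MAX_RANGES = 5

_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header, size):
    """Resolve a 'bytes=' Range header value against a resource of `size` bytes.

    Returns inclusive (start, end) pairs; malformed or unsatisfiable specs
    are skipped.
    """
    unit, _, specs = header.partition("=")
    if unit.strip().lower() != "bytes":
        return []
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.group(1) == m.group(2) == "":
            continue
        first, last = m.groups()
        if first == "":                     # suffix form "-N": the last N bytes
            n = int(last)
            if n == 0:
                continue
            start, end = max(size - n, 0), size - 1
        else:                               # "A-B" or open-ended "A-"
            start = int(first)
            end = min(int(last), size - 1) if last else size - 1
        if start <= end and start < size:
            resolved.append((start, end))
    return resolved


def assess(header, size):
    """Return (range_count, overlap_count, suspicious) for one header value."""
    ranges = sorted(parse_ranges(header, size))
    overlaps = 0
    reach = -1                              # highest end offset covered so far
    for start, end in ranges:
        if start <= reach:                  # begins inside bytes already covered
            overlaps += 1
        reach = max(reach, end)
    # Assumed policy: any overlap, or an unusually long list, is worth review.
    return len(ranges), overlaps, len(ranges) > MAX_RANGES or overlaps > 0
```

Fed the `Range` value from a request log together with the size of the requested file, `assess` separates ordinary multi-part requests from the overlapping pattern.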
