Sicherheit: Unsichere Verwendung temporärer Dateien in apache-utils - Pro-Linux

===========================================================
Ubuntu Security Notice USN-65-1		   January 19, 2005
apache vulnerabilities
http://bugs.debian.org/290974
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.4. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Javier Fernández-Sanguino Peña noticed that the "check_forensic"
script created temporary files in an insecure manner. This could
allow a symbolic link attack to create or overwrite arbitrary files
with the privileges of the user invoking the program.

  Source archives:

    apache_1.3.31-6ubuntu0.4.diff.gz
      Size/MD5:   369655 7ec465eece404f6ddd1d45a8292b1fe6
    apache_1.3.31-6ubuntu0.4.dsc
      Size/MD5:     1102 9165d920ac5f269f5abf886ee392613c
    apache_1.3.31.orig.tar.gz
      Size/MD5:  3104170 ca475fbb40087eb157ec51334f260d1b

  Architecture independent packages:

    apache-dev_1.3.31-6ubuntu0.4_all.deb
      Size/MD5:   329424 f05e89912051a57e3a0f4b439d813bcf
    apache-doc_1.3.31-6ubuntu0.4_all.deb
      Size/MD5:  1186432 b7490f2099b1bd5b512cb2dba9fc3fcf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    apache-common_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   873090 4de4ad38fa7021c3666349134f3f3939
    apache-dbg_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:  9131010 8dfb8f02f5cd07223069a08c3156a015
    apache-perl_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   520354 81033c5317f6d50b69a796df54f56f90
    apache-ssl_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   510288 f986a142140d051b3d2590e7add86a54
    apache-utils_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   271078 bcb58f9b5a102f4109a0e6bd7b80a1c1
    apache_1.3.31-6ubuntu0.4_amd64.deb
      Size/MD5:   397916 6f039537fd6365bd5627a6004f445e45
    libapache-mod-perl_1.29.0.2-14ubuntu0.1_amd64.deb
      Size/MD5:   491306 86f3c435f888d78e6a03456af0eb7101

  i386 architecture (x86 compatible Intel/AMD)

    apache-common_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   838326 6e8c39afade6e140502592602c180f81
    apache-dbg_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:  9080282 3555a952ded8b3370691d8585163587a
    apache-perl_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   494050 62489a77ba210430b8803aea05be968c
    apache-ssl_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   483720 5cc3c2014e2b30b1a0906c2748d6bef3
    apache-utils_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   264974 65e6aed85dd4ac7c1485f8eae951788f
    apache_1.3.31-6ubuntu0.4_i386.deb
      Size/MD5:   377152 55d3b656566987d140d2677d1c0de61c
    libapache-mod-perl_1.29.0.2-14ubuntu0.1_i386.deb
      Size/MD5:   484640 da71290705c6f6f6faf1d6dc254bf4a6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    apache-common_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   917362 652d1cd08236a6557e44d87b67e4dd16
    apache-dbg_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:  9225702 033e91323439c25a000b604423d71d46
    apache-perl_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   511036 e66e2283e7a70758989198fbf9ebb613
    apache-ssl_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   506852 a8bd4a1633e5d6c8ba51d01134fee992
    apache-utils_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   278286 b25fd9ebbeeafeeb3867828251218d08
    apache_1.3.31-6ubuntu0.4_powerpc.deb
      Size/MD5:   395396 4eafd593de2508a0c574929718476320
    libapache-mod-perl_1.29.0.2-14ubuntu0.1_powerpc.deb
      Size/MD5:   488664 74541bd75de68e04a43cf61c3c7a276f

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce