===========================================================
Ubuntu Security Notice USN-133-1	       May 26, 2005
apache vulnerability
http://xforce.iss.net/xforce/xfdb/17413
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

apache-utils

The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the "htpasswd" utility. This could
be exploited to execute arbitrary code with the privileges of the user
invoking htpasswd. This is only a security vulnerability if you have a
website that offers a public interface to htpasswd without checking
the input beforehand; however, this is very unusual.


  Source archives:

    apache_1.3.31-6ubuntu0.6.diff.gz
      Size/MD5:   370216 e4b146fdb5a84579cf72543dcba25278
    apache_1.3.31-6ubuntu0.6.dsc
      Size/MD5:     1102 695ade9c26134605755f605d8de5c829
    apache_1.3.31-6ubuntu0.7.diff.gz
      Size/MD5:   370555 e3b320d767ecddf64a4c439dcf69a20a
    apache_1.3.31-6ubuntu0.7.dsc
      Size/MD5:     1102 a686975f257bfdbf6cc5cb3b7eb33fc0
    apache_1.3.31.orig.tar.gz
      Size/MD5:  3104170 ca475fbb40087eb157ec51334f260d1b

  Architecture independent packages:

    apache-dev_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:   329680 ea1b574aba9bca4c3ac298b5bfd24fc8
    apache-doc_1.3.31-6ubuntu0.7_all.deb
      Size/MD5:  1186734 9a5f2ca0ed6a222a61fa646145ce2840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    apache-common_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   873476 ede05d37c8b5ac6566aa31104493894a
    apache-dbg_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:  9131366 2b06dc22c63cbf20521bda43e715dd28
    apache-perl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   520708 8f81def40bf552cb50a3f36123375880
    apache-ssl_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   510738 1d033b2179669b4450af2e5ee1077c13
    apache-utils_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   271492 ea3f8ba1ede1456edbacfcc8233b7c37
    apache_1.3.31-6ubuntu0.7_amd64.deb
      Size/MD5:   398240 b6973f41949ba3a9f6634887d02eb861
    libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_amd64.deb
      Size/MD5:   491604 1f0450ce55f9fc7a2204790900cdd289

  i386 architecture (x86 compatible Intel/AMD)

    apache-common_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   838554 613569f8f1f8e2142308cf3ee8d98484
    apache-dbg_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:  9080588 68a2c0dd50fa206c6934e9be3ef130fb
    apache-perl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   494356 bc7952904183ca0c78dec618a5b7b10f
    apache-ssl_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   484052 036bbeea1f293a9f76a03cb593628ddd
    apache-utils_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   265296 620c32f9fc129cfd6e28bd3fbb7abe95
    apache_1.3.31-6ubuntu0.7_i386.deb
      Size/MD5:   377510 b95d6936e5c65389f43ab5a9c7bc19b4
    libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_i386.deb
      Size/MD5:   484974 9447a769568c36df5a365c46f6de30c2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    apache-common_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   917590 308c593f853c66f850ee26ad033cbbf0
    apache-dbg_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:  9226022 7e832b879a9ff0660f6e68d5e08c37ba
    apache-perl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   511372 35a07437c37d73b22e3901089942c238
    apache-ssl_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   507178 b8bef2e3cb964a064c97cd834300d5c2
    apache-utils_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   278630 5c2b8515f4792bc6851e9dd5e9c55a05
    apache_1.3.31-6ubuntu0.7_powerpc.deb
      Size/MD5:   395680 b8eb63089f5e6f584ae952c12e6c0c0c
    libapache-mod-perl_1.29.0.2.0-6ubuntu0.7_powerpc.deb
      Size/MD5:   488976 5d2e37fca4d74b40d0f57abd5190df67





-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce