Bugtraq mailing list archives

Debian Apache Security Update

From: johnie () NETGOD NET (Johnie Ingram)
Date: Sat, 8 Aug 1998 00:53:00 -0400

-----BEGIN PGP SIGNED MESSAGE-----


A security problem has been found in apache.  It allows users to crash
the webserver from a remote system, and should be fixed as soon as
possible.

Debian 2.0 and "slink"
- ----------------------

i386:
wget http://ftp1.us.debian.org/debian/security/apache_1.3.1-3_i386.deb
wget http://ftp1.us.debian.org/debian/security/apache-common_1.3.1-3_i386.deb
dpkg -B --install apache_1.3.1-3_i386.deb apache-common_1.3.1-3_i386.deb

alpha:
wget http://ftp1.us.debian.org/debian/security/apache_1.3.1-3_alpha.deb
wget http://ftp1.us.debian.org/debian/security/apache-common_1.3.1-3_alpha.deb
dpkg -B --install apache_1.3.1-3_alpha.deb apache-common_1.3.1-3_alpha.deb

SPARC:
wget http://ftp1.us.debian.org/debian/security/apache-common_1.3.1-3_sparc.deb
wget http://ftp1.us.debian.org/debian/security/apache_1.3.1-3_sparc.deb
dpkg -B --install apache_1.3.1-3_sparc.deb apache-common_1.3.1-3_sparc.deb

automatic upgrades:
Our tier 1 mirrors already have the additional files needed for an automatic
dselect or apt upgrade:
     * http://www.uk.debian.org/debian/ (Europe)
     * http://debian.midco.net/debian/ (South Dakota)
     * http://llug.sep.bnl.gov/debian/ (New York)
     * http://ftp1.us.debian.org/debian/ (Michigan)

NOTE: This will break the libapache-mod-perl and php3 packages
released with Debian 2.0.  A mod_perl DSO suitable for Apache 1.3.1 is
on all mirror sites in the "slink" distribution.

Thanks to Dag-Erling Smørgrav for finding this bug, and Ben Laurie for
fixing it.


d4dfe92f16137d8763581baa8669e518  apache-common_1.3.1-3_alpha.deb
f29124cbfbc283d50074184274a5e831  apache-common_1.3.1-3_i386.deb
22a48cab0455aba52fc25d0202844de8  apache-common_1.3.1-3_sparc.deb
e8361b3ce0da4653c009ecdc950e3ff6  apache-dev_1.3.1-3_all.deb
7be5af08b716366c9d0701b4e3c31fa8  apache-doc_1.3.1-3_all.deb
07f0d80e6811cfeb5b266a5f03c634ec  apache_1.3.1-3_alpha.deb
105f07e5e4a8d4e059bcf8e06a1aa1ef  apache_1.3.1-3_i386.deb
9244e8de9ade54f32ee35b4b5a38776b  apache_1.3.1-3_sparc.deb


- ---------------------  PGP  E4 70 6E 59 80 6A F5 78  63 32 BC FB 7A 08 53 4C

   __ _    Debian GNU         Johnie Ingram <johnie () netgod net>      mm   mm
  / /(_)_ __  _   ___  __        "netgod"     irc.debian.org          mm mm
 / / | | '_ \| | | \ \/ /                                             m m m
/ /__| | | | | |_| |>  <      Yes, I'm Linus, and I am your God.     mm   mm
\____/_|_| |_|\__,_/_/\_\       -- Linus, keynote address, Expo 98   GO BLUE


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: latin1

iQCVAwUBNcvZhhCswmGWXGp9AQHfWAQAjz87EI9iWE48yn08cwleNIEA3gLiFjOo
lhP+1L+15eJ+oJQbcgTcnvA4W7iDhEU5LnCxoPSRFanX+4RZK9wG60JlhopLINRT
lxP7vkj8KJTxPLKJGh4PST7Stz2xmbf3AB5VNBApU8JLbzwFFyWz9G+JITTO9/b4
7+0UY4aB3QA=
=c2yu
-----END PGP SIGNATURE-----
Current thread:

Debian Apache Security Update Johnie Ingram (Aug 07)