---

Advisories: September 8, 2005

Debian GNU/Linux


Debian Security Advisory DSA 803-1 [email protected]
http://www.debian.org/security/
Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : apache
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2088
Debian Bug : 322607

A vulnerability has been discovered in the Apache web server.
When it is acting as an HTTP proxy, it allows remote attackers to
poison the web cache, bypass web application firewall protection,
and conduct cross-site scripting attacks, which causes Apache to
incorrectly handle and forward the body of the request.

For the old stable distribution (woody) this problem has been
fixed in version 1.3.26-0woody7.

For the stable distribution (sarge) this problem has been fixed
in version 1.3.33-6sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 1.3.33-8.

We recommend that you upgrade your Apache package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7.dsc

      Size/MD5 checksum: 668
498fa0b608affe5f54ca6f39c09ee842
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7.diff.gz

      Size/MD5 checksum: 301515
9aca1a8cc1bb9d2cf016dd59f66e318d
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz

      Size/MD5 checksum: 2586182
5cd778bbe6906b5ef39dbb7ef801de61

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody7_all.deb

      Size/MD5 checksum: 1022808
3c34206949d744c5131401fb37bd80c4

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_alpha.deb

      Size/MD5 checksum: 395714
420933ad19e04518f105c7c10a6bdca3
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_alpha.deb

      Size/MD5 checksum: 926264
af2983a29e494c582e40bd9e3bd6d5f3
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_alpha.deb

      Size/MD5 checksum: 714110
4a531cd2954b066755b68b9be16ace01

ARM architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_arm.deb

      Size/MD5 checksum: 361344
cec90195145f015edfbfc35313c7f6cc
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_arm.deb

      Size/MD5 checksum: 839138
bc71db85fa4eff02aa30caaa757a5f2f
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_arm.deb

      Size/MD5 checksum: 544586
62191863ffd4f96497754f4b915a3c50

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_i386.deb

      Size/MD5 checksum: 350294
fba3a1bc003f12e9ee66bd82151c8a81
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_i386.deb

      Size/MD5 checksum: 812910
2e7fd26fa78f0a6b908299a169bd602b
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_i386.deb

      Size/MD5 checksum: 535754
d5868a7f4e0dea7465bedfabaebeeab4

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_ia64.deb

      Size/MD5 checksum: 437076
390ca31bee590563697f2ec874a9ab8e
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_ia64.deb

      Size/MD5 checksum: 1012722
08eb945393ea1d387db567b9d77b8c0d
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_ia64.deb

      Size/MD5 checksum: 949382
74acda01856de32d4e088e2979af4e21

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_hppa.deb

      Size/MD5 checksum: 386404
38d85074b963f4c60d2c07e8f8437027
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_hppa.deb

      Size/MD5 checksum: 891868
9d205f549055bd60ca4ff7d829f4fc23
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_hppa.deb

      Size/MD5 checksum: 587298
1fd0eeb14f911f7292a2ed151f1963d3

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_m68k.deb

      Size/MD5 checksum: 348106
fb9185202aafe64373cb39f74a2896ab
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_m68k.deb

      Size/MD5 checksum: 821416
08e1b1b1f63ac8444573e0eab09a6134
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_m68k.deb

      Size/MD5 checksum: 537452
be018f9034cb1585c4351d7a3edfb9e8

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_mips.deb

      Size/MD5 checksum: 376696
568c92beb624c9d5667f49564f441c93
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_mips.deb

      Size/MD5 checksum: 844412
6083195b5a3c769affdbed0c1c4cd4e5
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_mips.deb

      Size/MD5 checksum: 576630
6f40ec8c0c9f7782841a9b26a25598c5

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_mipsel.deb

      Size/MD5 checksum: 376756
78ca3c2a563dbc360e0b097261b5e96c
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_mipsel.deb

      Size/MD5 checksum: 843080
e39f27bc7d1643b8401be0b2e28e2190
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_mipsel.deb

      Size/MD5 checksum: 565760
ff557d4a490f6816e845a211f8b922f4

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_powerpc.deb

      Size/MD5 checksum: 367218
d7cb4f03e68396ded487f9ced5bb4aaf
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_powerpc.deb

      Size/MD5 checksum: 846502
fb418736bd7c2f6a1ca334975846fddc
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_powerpc.deb

      Size/MD5 checksum: 559280
16166fe59363ec62ad55dbfba0b943ac

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_s390.deb

      Size/MD5 checksum: 363954
e6d6879c6d646d6e1fb0219d814164ba
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_s390.deb

      Size/MD5 checksum: 832858
15e2a71fc2034c1a4ea87ce76d2c265b
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_s390.deb

      Size/MD5 checksum: 559654
9864c8523283558ef2634223c8e30175

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_sparc.deb

      Size/MD5 checksum: 361122
91a73fa039e886fa5d7ec71e5f6c2be4
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_sparc.deb

      Size/MD5 checksum: 847538
18486b37535a3efbf2da6e1980e191af
    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_sparc.deb

      Size/MD5 checksum: 545090
5c5a24942e0368597043dad517dc842d

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1.dsc

      Size/MD5 checksum: 1119
1fd30bda6f8ced16f68a75b42062e719
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1.diff.gz

      Size/MD5 checksum: 369073
9b04027dc8af9fc5c19bef5304d6d1a6
    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz

      Size/MD5 checksum: 3105683
1a34f13302878a8713a2ac760d9b6da8

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge1_all.deb

      Size/MD5 checksum: 331258
2690e824569ca7d3b20c22697fff83ac
    http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge1_all.deb

      Size/MD5 checksum: 1189326
53df3e1f7e47375c957673ff49649ee2
    http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge1_all.deb

      Size/MD5 checksum: 212030
1a9af803b7bb9ee718c8d2463157c73d

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_alpha.deb

      Size/MD5 checksum: 428030
3ffbf8af975d56bc7db1061251203648
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_alpha.deb

      Size/MD5 checksum: 903960
fdc9c4b3baa5a2d9bac6132b2505e9b9
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_alpha.deb

      Size/MD5 checksum: 9223190
723b5e2c114d4c1ffe17d4c875cef946
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_alpha.deb

      Size/MD5 checksum: 569232
8982fb3879163bf11223cd68e153b630
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_alpha.deb

      Size/MD5 checksum: 542450
9828318e78f6e8c48b393b7e56e902da
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_alpha.deb

      Size/MD5 checksum: 504952
5f37c07c2cd257fe8a977c2bccf84196

AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_amd64.deb

      Size/MD5 checksum: 398816
fc41d5cc0df349bdfa3068150af6ce56
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_amd64.deb

      Size/MD5 checksum: 872748
1acdcb70258e22a443c1d8eafd9df6d8
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_amd64.deb

      Size/MD5 checksum: 9162752
ac8622c137cbcd3add6ef4456fe4d194
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_amd64.deb

      Size/MD5 checksum: 521410
7bad8992492c57535e63b073bbdd70a2
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_amd64.deb

      Size/MD5 checksum: 511600
440d57d227bacbba250e42b0998d3472
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_amd64.deb

      Size/MD5 checksum: 491566
d743410216b058f4dcda5d6a0edf6bfc

ARM architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_arm.deb

      Size/MD5 checksum: 384126
8625ed1b91de09247d944ddc324072a4
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_arm.deb

      Size/MD5 checksum: 841216
b06943003e94af6a1a713764f8829e04
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_arm.deb

      Size/MD5 checksum: 8986348
771b93d92f4bb496ea38968b7e7ab453
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_arm.deb

      Size/MD5 checksum: 495786
e83abce208df8f4d83c372ac7acad26b
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_arm.deb

      Size/MD5 checksum: 489450
8724665288e98071aa40a48214479340
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_arm.deb

      Size/MD5 checksum: 479176
ef5eb11ec3ec10b04e1d652e67a1a881

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_i386.deb

      Size/MD5 checksum: 385394
d1fb460ac66b9c279bb973962c6b37a6
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_i386.deb

      Size/MD5 checksum: 844800
ad852939fd0e97aa35f731e506888eca
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_i386.deb

      Size/MD5 checksum: 9128930
d39bd56c23b083feeb2d30c1582ac091
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_i386.deb

      Size/MD5 checksum: 504894
49cff4c1bc76b51806afe487c0a93fd5
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_i386.deb

      Size/MD5 checksum: 492748
fa4e8d3d4c725d0145c78b3f782566d3
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_i386.deb

      Size/MD5 checksum: 485896
0ad21611cc1f3e24e4b51b0b0a76b1bf

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_ia64.deb

      Size/MD5 checksum: 463278
f57f06ae8694e78bfa01fe01ae294579
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_ia64.deb

      Size/MD5 checksum: 971458
50569cef954ad7d77b7f239fc31f951b
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_ia64.deb

      Size/MD5 checksum: 9355914
a14cfca2717ae3221703ba675ffc72b8
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_ia64.deb

      Size/MD5 checksum: 627244
1c7a43c3824f95ba5bca90478a755070
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_ia64.deb

      Size/MD5 checksum: 585816
2d9b76094d06abe31ded988ca2706fb9
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_ia64.deb

      Size/MD5 checksum: 532720
4a9d91d7472ceb574f2cb33a798ff4fb

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_hppa.deb

      Size/MD5 checksum: 406526
e0e289829771783148f0aa8fd6b42887
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_hppa.deb

      Size/MD5 checksum: 905350
9919f238e92cae322d4ff4c05ed9ee5d
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_hppa.deb

      Size/MD5 checksum: 9101106
edb4267ac44bf9ecc5a101ca037f36c4
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_hppa.deb

      Size/MD5 checksum: 535940
eae642e169c3d570a8925051b485b9f0
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_hppa.deb

      Size/MD5 checksum: 518712
a12117ebb93f2dc0d9a5c6fdacc469a9
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_hppa.deb

      Size/MD5 checksum: 508670
c3cea44f6e4cbb3807a43d6126ee37b1

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_m68k.deb

      Size/MD5 checksum: 370908
a2c3e424759606dd7458accef0b44f1a
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_m68k.deb

      Size/MD5 checksum: 846822
1fe7f8bd1fc4d9a14781240b6feaa7d7
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_m68k.deb

      Size/MD5 checksum: 8973276
ef9b79490ab44c218453d89514250a7a
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_m68k.deb

      Size/MD5 checksum: 448590
5c66ff250a26bc1c37b0fcdaa2119a08
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_m68k.deb

      Size/MD5 checksum: 477172
d7f6a3d1bdbc2503cb2c4a195290e9af
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_m68k.deb

      Size/MD5 checksum: 489260
a148e7a997d6eb61157d0323fab7bfb1

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_mips.deb

      Size/MD5 checksum: 403176
6b843eba1a3e47e7199b9177470442db
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_mips.deb

      Size/MD5 checksum: 851408
bd4260941f9ff3225239f435a3434f25
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_mips.deb

      Size/MD5 checksum: 9048796
f74919a30dfe9f9528b8203f29f3d13a
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_mips.deb

      Size/MD5 checksum: 485022
a3535fcc942da7cf5b6b65c35a953a51
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_mips.deb

      Size/MD5 checksum: 509744
b3727680a67aa43a28de81cd8177a5a8
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_mips.deb

      Size/MD5 checksum: 443412
2c0450982c0784bff8c949f4b009ec71

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_mipsel.deb

      Size/MD5 checksum: 403554
9267cff98a6f26601eec930ee465a15d
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_mipsel.deb

      Size/MD5 checksum: 849718
296ee1fce7f27226e3a74bddecfee3cf
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_mipsel.deb

      Size/MD5 checksum: 9054322
2f0acb4f4fd17284984df97fcd2d6e3d
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_mipsel.deb

      Size/MD5 checksum: 485244
1f05badc7c8e3355c367e36b5dcf70e9
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_mipsel.deb

      Size/MD5 checksum: 510556
754c9c85a0c40a54b0a5a3826ef3abbd
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_mipsel.deb

      Size/MD5 checksum: 443336
1c10dd7f81c00d9673ad4aa979fb242e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_powerpc.deb

      Size/MD5 checksum: 398582
d68c136329d94f8bfa9bfb71bcb07e2c
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_powerpc.deb

      Size/MD5 checksum: 921236
9bcad607aaae2cb909c91da5fed9011e
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_powerpc.deb

      Size/MD5 checksum: 9252826
71e4ba9567ec87c4027b93f7b652b95a
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_powerpc.deb

      Size/MD5 checksum: 515222
4e452c60d904b82a2e053c92383a63c4
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_powerpc.deb

      Size/MD5 checksum: 510242
cb5374bd1c272609f21554e63f696c69
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_powerpc.deb

      Size/MD5 checksum: 490588
77a97a033d92d14ba9ea7f602d558735

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_s390.deb

      Size/MD5 checksum: 403082
e114c88f6c2dd4ba6ee0b04d5a914cd8
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_s390.deb

      Size/MD5 checksum: 868348
b43f4c5706945e0ecddc05a28472655a
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_s390.deb

      Size/MD5 checksum: 9183454
f09e3839b02a0f7923a3b7da33c2c6e3
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_s390.deb

      Size/MD5 checksum: 489950
c90188ab4b4bab70009d32ef7cca0764
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_s390.deb

      Size/MD5 checksum: 514356
bfa36941fa00567abac50a90112f7b44
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_s390.deb

      Size/MD5 checksum: 460380
55ac06c1de1a071a8fb0a0c04c769985

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_sparc.deb

      Size/MD5 checksum: 385444
728bb478200c9d1c584f0360ac4fc487
    http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_sparc.deb

      Size/MD5 checksum: 848868
fec17b5c0e4e0bb626e563db38e3704b
    http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_sparc.deb

      Size/MD5 checksum: 9046688
802b70f23eed8abd0767aed4b72901e7
    http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_sparc.deb

      Size/MD5 checksum: 504046
1984de0906eded5c01dd485a6bcfcfe5
    http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_sparc.deb

      Size/MD5 checksum: 491800
ec7cd2874c2d64ca64cd471a26212632
    http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_sparc.deb

      Size/MD5 checksum: 490198
a2c4676f9fd79892234f2f03ec188fb3

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 804-1 [email protected]
http://www.debian.org/security/
Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : kdelibs
Vulnerability : insecure permissions
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1920

KDE developers have reported a vulnerability in the backup file
handling of Kate and Kwrite. The backup files are created with
default permissions, even if the original file had more strict
permissions set. This could disclose information unintendedly.

For the stable distribution (sarge) this problem has been fixed
in version 3.3.2-6.2.

For the unstable distribution (sid) these problems have been
fixed in version 3.4.1-1.

We recommend that you upgrade your kate package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.dsc

      Size/MD5 checksum: 1255
483c95e5daf87366aed15fc25d1f5cb0
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.diff.gz

      Size/MD5 checksum: 404164
7c221eb2cb7f110c4e6c0e124a72ead1
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz

      Size/MD5 checksum: 18250342
04f10ddfa8bf9e359f391012806edc04

Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.2_all.deb

      Size/MD5 checksum: 7094348
a4ba83e80051d39338be12beeb6c6db7
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.2_all.deb

      Size/MD5 checksum: 11533148
dfd0916af8c7a6f9250797d0582b026e
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2_all.deb

      Size/MD5 checksum: 27804
b09d44d53b16bbee369864a97f7a1a65

Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_alpha.deb

      Size/MD5 checksum: 995486
2c34cfea7388d0fddebb298d28208230
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_alpha.deb

      Size/MD5 checksum: 9282802
8ff374e3fb8301721fae64795d105a25
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_alpha.deb

      Size/MD5 checksum: 1245828
12902a2bc48712b8dc2078d504e93ce1

AMD64 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_amd64.deb

      Size/MD5 checksum: 923202
2f294881d0f02bd5fb8150e970d4e92e
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_amd64.deb

      Size/MD5 checksum: 8513542
c51108afe37b9627a0cf3b6be0bd1b1a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_amd64.deb

      Size/MD5 checksum: 1240540
c1d112b699ab6446589e3364501ea5e2

ARM architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_arm.deb

      Size/MD5 checksum: 811038
6ab24a7d469012e6055dade8ad5776e3
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_arm.deb

      Size/MD5 checksum: 7594720
8522c2252a063b90a403a8332ff4e77a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_arm.deb

      Size/MD5 checksum: 1239128
419560c0b5fbf685f96e603167bfbb85

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_i386.deb

      Size/MD5 checksum: 863944
f632bf601e9d365cfa328846b381d975
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_i386.deb

      Size/MD5 checksum: 8205918
5424c3b4cc9157af8c6397947925fedc
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_i386.deb

      Size/MD5 checksum: 1240090
58196248a56aa65666ea4f9b797e59b3

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_ia64.deb

      Size/MD5 checksum: 1148720
a2699e42dbff841c5f76a4723bd2ab68
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_ia64.deb

      Size/MD5 checksum: 10772880
4ed5ce9902a27e30beec5203cfc5383a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_ia64.deb

      Size/MD5 checksum: 1253362
08f1fdf4719e826bdbfc08ec7db96176

HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_hppa.deb

      Size/MD5 checksum: 945552
80bba0f50f46cf3df8d4128babef70b6
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_hppa.deb

      Size/MD5 checksum: 9305578
8a9dfcf80dd6933cf67315218213cbee
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_hppa.deb

      Size/MD5 checksum: 1243438
467722d7eaed3a16e2a54af3591abc9a

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_m68k.deb

      Size/MD5 checksum: 837964
ccb138a26e097177edc77e518b9431ce
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_m68k.deb

      Size/MD5 checksum: 7916544
fa76d9fe08d0f84b46365b980a52402a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_m68k.deb

      Size/MD5 checksum: 1237598
9bd963ab4e7f04135a3f33f90c944d4a

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mips.deb

      Size/MD5 checksum: 876822
727b1bd6c50a8acf90740811dbfc316d
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mips.deb

      Size/MD5 checksum: 7426328
da9a3aa25f8ccc04a1be6b65a1741d5b
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mips.deb

      Size/MD5 checksum: 1238184
7a5e3a18453b67a5f959a39db973e597

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mipsel.deb

      Size/MD5 checksum: 873134
343b7aa8020f606fdd158e21f007e652
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mipsel.deb

      Size/MD5 checksum: 7298044
34c6038b2437b771c778eb7bc8c9ab83
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mipsel.deb

      Size/MD5 checksum: 1238048
30537a2615302d85bc1fb40713bc3405

PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_powerpc.deb

      Size/MD5 checksum: 903792
c09601d486c2763fd09fcfb4fd5f09ad
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_powerpc.deb

      Size/MD5 checksum: 7922190
9b82276bacc75ae5853c639ca78957d6
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_powerpc.deb

      Size/MD5 checksum: 1242190
fb0894185ff11865d871ed9e724682f1

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_s390.deb

      Size/MD5 checksum: 892444
9ef1bc507ee96a815fabfb7b2b417cd8
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_s390.deb

      Size/MD5 checksum: 8636302
82321ab6e9bfc4a1e472e3689eb1fb6f
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_s390.deb

      Size/MD5 checksum: 1239584
7f1460f0299a51fbb10dbeca8ee7af2f

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_sparc.deb

      Size/MD5 checksum: 825002
d8b9497e79340e9e6010f1093e2324c7
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_sparc.deb

      Size/MD5 checksum: 7745946
7da1e6a7ab6a5db078923d0108c6f2ce
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_sparc.deb

      Size/MD5 checksum: 1238828
6a9d2330a6596a12a6d23202ca079089

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 805-1 [email protected]
http://www.debian.org/security/
Martin Schulze
September 8th, 2005 http://www.debian.org/security/faq


Package : apache2
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2005-1268 CAN-2005-2088 CAN-2005-2700
CAN-2005-2728
BugTraq ID : 14660
Debian Bugs : 316173 320048 320063 326435

Several problems have been discovered in Apache2, the next
generation, scalable, extendable web server. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2005-1268

Marc Stern discovered an off-by-one error in the mod_ssl
Certificate Revocation List (CRL) verification callback. When
Apache is configured to use a CRL this can be used to cause a
denial of service.

CAN-2005-2088

A vulnerability has been discovered in the Apache web server.
When it is acting as an HTTP proxy, it allows remote attackers to
poison the web cache, bypass web application firewall protection,
and conduct cross-site scripting attacks, which causes Apache to
incorrectly handle and forward the body of the request.

CAN-2005-2700

A problem has been discovered in mod_ssl, which provides strong
cryptography (HTTPS support) for Apache that allows remote
attackers to bypass access restrictions.

CAN-2005-2728

The byte-range filter in Apache 2.0 allows remote attackers to
cause a denial of service via an HTTP header with a large Range
field.

The old stable distribution (woody) does not contain Apache2
packages.

For the stable distribution (sarge) these problems have been
fixed in version 2.0.54-5.

For the unstable distribution (sid) these problems have been
fixed in version 2.0.54-5.

We recommend that you upgrade your apache2 packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.dsc

      Size/MD5 checksum: 1141
779558a3a1edad615114d9e951d44352
    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.diff.gz

      Size/MD5 checksum: 110044
3f51c615473cb57d4d182e1abbeffcd4
    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54.orig.tar.gz

      Size/MD5 checksum: 7493636
37d0d0a3e25ad93d37f0483021e70409

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.0.54-5_all.deb

      Size/MD5 checksum: 3861324
429e520dda920f145468b39f4b3f2c2c
    http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb

      Size/MD5 checksum: 33460
df584a81cd27a1858014ac52cfdd9ab9

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_alpha.deb

      Size/MD5 checksum: 33380
6b79f9d492027d367c61604068f0d9d4
    http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_alpha.deb

      Size/MD5 checksum: 865256
35799c3a99a6bf00ab6912c062f6e688
    http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_alpha.deb

      Size/MD5 checksum: 246262
898ac33f06c871d251bb661e0f6bd214
    http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_alpha.deb

      Size/MD5 checksum: 241370
73e3c57d0a294829c88dcc1532720e64
    http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_alpha.deb

      Size/MD5 checksum: 245574
76324bf7139b28f909f3b20d5fa7e264
    http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_alpha.deb

      Size/MD5 checksum: 167582
1dde0667290c8a7cb467125c3b0196c2