Security
SHARE
Facebook X Pinterest WhatsApp

Debian GNU/Linux Advisory: libapache-mod-ssl

Written By
thumbnail
Web Webster
Web Webster
Jul 2, 2002 
- ------------------------------------------------------------------------
Debian Security Advisory DSA-135-1                   security@debian.org
http://www.debian.org/security/                    Robert van der Meulen
July  2, 2002
- ------------------------------------------------------------------------


Package        : libapache-mod-ssl
Problem type   : buffer overflow / DoS
Debian-specific: no

The libapache-mod-ssl package provides SSL capability to the apache
webserver.
Recently, a problem has been found in the handling of .htaccess files,
allowing arbitrary code execution as the web server user (regardless of
ExecCGI / suexec settings), DoS attacks (killing off apache children), and
allowing someone to take control of apache child processes - all trough
specially crafted .htaccess files.
More information about this vulnerability can be found at

http://online.securityfocus.com/bid/5084

This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package
(for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody) .
We recommend you upgrade as soon as possible.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  Packages for m68k are not available at this moment. 

  Source archives:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.dsc
      MD5 checksum:     5b2cb207ba8214f52ffbc28836dd8dc4
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.diff.gz 
      MD5 checksum:     29eef2b3307f00d92eb425ac669dabec
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
      MD5 checksum:     cb0f2e07065438396f0d5df403dd2c16

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato2_all.deb
      MD5 checksum:     ebd8154f614e646b3a12980c8db606b6

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_alpha.deb
      MD5 checksum:     a3d73598e692b9c0bb945a52a00a363c

  arm architecture (ARM)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_arm.deb
      MD5 checksum:     11e1085504430cacadd0255a0743b80a      

  i386 architecture (Intel ia32)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.deb
      MD5 checksum:     a1fd7d6a7ef3506ee0f94e56735d3d08

  powerpc architecture (PowerPC)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_powerpc.deb
      MD5 checksum:     0f01742c2a77f2728baea4e1e9ad7ff0

  sparc architecture (Sun SPARC/UltraSPARC)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_sparc.deb
      MD5 checksum:     4982a209adc93acbf50a650a3569d217

  These packages will be moved into the stable distribution on its next
  revision.

Debian GNU/Linux 3.0 alias woody
- --------------------------------
                                                                                                    
  Woody will be released for alpha, arm, hppa, i386, ia64, m68k, mips,
  mipsel, powerpc, s390 and sparc.
  Packages for ia64 and hppa are not available for the moment.

  Source archives:

    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.dsc
      MD5 checksum:     7cce5c97bd3cf35c8782d54a25138165
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.diff.gz
      MD5 checksum:     fc9f20e6d3bece6f0d3bad067c61d56a

  Architecture independent packages:
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2_all.deb
      MD5 checksum:     541257e99c523141625f5fc43fb3dec4

  alpha architecture (DEC Alpha)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_alpha.deb
      MD5 checksum:     712e406d8be713047f3e46bbf58269a5

  arm architecture (ARM)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_arm.deb
      MD5 checksum:     8ce3d4d45f45423a6c6b7d795c319d33

  i386 architecture (intel ia32)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_i386.deb
      MD5 checksum:     06733dc49c228230e5713f34eae7f8b0

  m68k architecture 
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_m68k.deb
      MD5 checksum:     e5a8518aac6d08bb5e9cc50195d336e3

  mips architecture
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mips.deb
      MD5 checksum:     dde883d6ee72f3b29fc324d9cb497670

  mipsel architecture
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mipsel.deb
      MD5 checksum:     a80756857248358c7973a5b0fb9372e2

  powerpc architecture (PowerPC)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_powerpc.deb
      MD5 checksum:     715876a54ddddf1e17e4c2ec9d2f5eea

  s390 architecture (S390)
    http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_s390.deb
      MD5 checksum:     1a31f564ceba0ca82d9892d023caffd0
  
- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
thumbnail
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Recommended for you...

Blog
A Thorough Approach to Improve the Privacy and Security of Your Linux PC
Damien
Oct 24, 2024
Blog
Several Russian Maintainers Removed From Linux Kernel Due To Compliance Concerns
Senthil Kumar
Oct 23, 2024
Blog
OpenSSH Splits Again: New Authentication Binary Unveiled
Bobby Borisov
Oct 16, 2024
Blog
13 Best Free and Open Source Anti-Malware Tools
webmaster
Oct 14, 2024
Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information