Debian
apache2 package

Security: buffer-overrun in apache2-ssl

Bug #19888 reported by Debian Bug Importer
6
Affects Status Importance Assigned to Milestone
apache2 (Debian)
Fix Released
Unknown
apache2 (Ubuntu)
Invalid
High
Adam Conrad

Bug Description

Automatically imported from Debian bug report #320063 http://bugs.debian.org/320063

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Marking as duplicate based on debbugs merge (320048,320063)

This bug has been marked as a duplicate of bug 19887.

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 26 Jul 2005 20:45:35 +0200
From: <email address hidden>
To: <email address hidden>
Subject: Security: buffer-overrun in apache2-ssl

Package: apache2
Version: 2.0.54-4
Severity:critical
Tags: security, fixed-upstream

There is a possible remote-exploitable buffer overrun in the Apache2 ssl
implementation. A patch is available.

See
http://issues.apache.org/bugzilla/show_bug.cgi?id=35081
and
http://svn.apache.org/viewcvs?rev=189562&view=rev

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 26 Jul 2005 23:06:35 +0200
From: Sven Mueller <email address hidden>
To: <email address hidden>
Subject: Duplicate bug report

Package: apache2
severity 320048 critical
Tags 320048 +fixed-upstream
Retitle 320048 Security: buffer-overrun in apache2-ssl
Tags 320063 +patch
Merge 320048 320063
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 27 Jul 2005 01:24:24 +0200
From: Sven Mueller <email address hidden>
To: <email address hidden>
Subject: try to fix previous merge

unmerge 320048
submitter 320048 <email address hidden>
merge 320063 320048
thanks

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Thu, 08 Sep 2005 11:17:06 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320048: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Thu, 08 Sep 2005 11:17:06 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320063: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Sat, 17 Dec 2005 00:05:09 -0800
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320048: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (5.8 KiB)

Message-Id: <email address hidden>
Date: Sat, 17 Dec 2005 00:05:09 -0800
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#320063: fixed in apache2 2.0.54-5

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 (transitional package)
 apache2-mpm-worker - high speed threaded mod...

Read more...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.