[USN-80-1] mod_python vulnerability

Martin Pitt martin.pitt at canonical.com
Fri Feb 11 03:41:39 CST 2005


===========================================================
Ubuntu Security Notice USN-80-1		  February 11, 2005
libapache2-mod-python vulnerabilities
CAN-2005-0088
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-python2.2
libapache2-mod-python2.3

The problem can be corrected by upgrading the affected package to
version 3.1.3-1ubuntu3.2.  After a standard system upgrade you need to
restart the Apache 2 web server using

  sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the
"publisher" handle of mod_python. By requesting a carefully crafted
URL for a published module page, anybody can obtain extra information
about internal variables, objects, and other information which is not
intended to be visible.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.diff.gz
      Size/MD5:    24067 485183927dd680eedb351cedbd0bb882
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.dsc
      Size/MD5:      806 3b141dd6a13c2abc0c1780ff8d9c34aa
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3.orig.tar.gz
      Size/MD5:   293548 2e1983e35edd428f308b0dfeb1c23bfe

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-1ubuntu3.2_all.deb
      Size/MD5:   100700 6890472b77b13191bf5106123bbebc6c
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2_all.deb
      Size/MD5:    12462 b48ab5f2c09c47bfe0c7c02243766c4f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_amd64.deb
      Size/MD5:    87564 e331d0cbb7aacadc64ef44d41d326587
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_amd64.deb
      Size/MD5:    87650 0dcbdb227cae1b4721c4b8e0454b4ea6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_i386.deb
      Size/MD5:    80502 003d29054ae210f2f81826bac8de7856
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_i386.deb
      Size/MD5:    80538 1813380c5c39583e9311e117f2823aca

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_powerpc.deb
      Size/MD5:    85218 d56d5f3a5cda43096dda9d1d7fc3fc0b
    http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_powerpc.deb
      Size/MD5:    85350 9df8b87f95570137d2402818a252b38d
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050211/eb91be82/attachment.pgp


More information about the ubuntu-security-announce mailing list