USN-160-2: Apache vulnerability

Martin Pitt martin.pitt at
Wed Sep 7 07:50:29 UTC 2005

Ubuntu Security Notice USN-160-2	 September 07, 2005
apache vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 1.3.31-6ubuntu0.8 (for Ubuntu 4.10), or 1.3.33-4ubuntu1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old
Apache 1 server was also vulnerable to one of the vulnerabilities
(CAN-2005-2088). Please note that Apache 1 is not officially supported
in Ubuntu (it is in the "universe" component of the archive).

For reference, this is the relevant part of the original advisory:

  Watchfire discovered that Apache insufficiently verified the
  "Transfer-Encoding" and "Content-Length" headers when acting as an
  HTTP proxy. By sending a specially crafted HTTP request, a remote
  attacker who is authorized to use the proxy could exploit this to
  bypass web application firewalls, poison the HTTP proxy cache, and
  conduct cross-site scripting attacks against other proxy users.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):


More information about the ubuntu-security-announce mailing list