Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

After 16 Years, Pidgin 3 Takes Its First Steps

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

Good Advice

Straight frwd run archinstall 3.0.0 crashes in pipewiire section

Hyprland 0.45.0 has just been released for Arch Linux based

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Debian alert: New libapache-mod-python packages fix denial of service

Posted by dave on Mar 1, 2004 3:25 AM EDT
Mailing list

Mail this story
Print this story

The Apache Software Foundation announced that some versions of mod_python contain a bug which, when processing a request with a malformed query string, could cause the corresponding Apache child to crash. This bug could be exploited by a remote attacker to cause a denial of service.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

- -------------------------------------------------------------------------- Debian Security Advisory DSA 452-1 [e-mail:security@debian.org] http://www.debian.org/security/ Matt Zimmerman February 29th, 2004 http://www.debian.org/security/faq - --------------------------------------------------------------------------

Package : libapache-mod-python Vulnerability : denial of service Problem-Type : remote Debian-specific: no CVE Id : CAN-2003-0973 Debian bug : 222828

The Apache Software Foundation announced that some versions of mod_python contain a bug which, when processing a request with a malformed query string, could cause the corresponding Apache child to crash. This bug could be exploited by a remote attacker to cause a denial of service.

For the current stable distribution (woody) this problem has been fixed in version 2:2.7.8-0.0woody2.

For the unstable distribution (sid), this problem has been fixed in version 2:2.7.10-1.

We recommend that you update your libapache-mod-python package.

Upgrade Instructions - --------------------

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2.dsc Size/MD5 checksum: 715 3f6bd19f154109251e7ee9b8db73ebfb http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2.diff.gz Size/MD5 checksum: 7564 bad7102a98f242d28ff3736e4e971fe5 http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz Size/MD5 checksum: 176639 4d5bee8317bfb45a3bb09f02b435e917

Alpha architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_alpha.deb Size/MD5 checksum: 120032 20e1ba89516235ec67df12f8a0236198

ARM architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_arm.deb Size/MD5 checksum: 117906 64b6fbcbe483dc388f5cb4e75fa63610

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_i386.deb Size/MD5 checksum: 117296 e2ab69380e7e9451ab454605cb1d3e34

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_ia64.deb Size/MD5 checksum: 131076 cea1f9dca578ba7e4cac7a7bc8638829

HP Precision architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_hppa.deb Size/MD5 checksum: 119784 fcfe4d4ddbdbf29255a51eee77c10422

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_m68k.deb Size/MD5 checksum: 118270 dff9473d327a981959831c9a08a48053

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_mips.deb Size/MD5 checksum: 117288 0d51ab71f85b5d93b23f593be4e8e7e6

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_mipsel.deb Size/MD5 checksum: 117018 52d9bca3ae178e68ef20b64dfb6b96a9

PowerPC architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_powerpc.deb Size/MD5 checksum: 118232 6a42f9f8f923837788b586c711a6fa6b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_s390.deb Size/MD5 checksum: 119002 f13e42b816e93b5c6533df6b8c0aa597

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_sparc.deb Size/MD5 checksum: 118176 23da855358f4b8cff799a9478c8e2d81

These files will probably be moved into the stable distribution on its next revision.

- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [e-mail:debian-security-announce@lists.debian.org] Package info: 'apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAQrzhArxCt0PiXR4RAqQ4AKCud/x/+9X1xzVLVdbGMekduYMHvwCgo04h yM+/eqaKOhlpewhpTh0gx8k= =Z9dR -----END PGP SIGNATURE-----

-- To UNSUBSCRIBE, email to [e-mail:debian-security-announce-request@lists.debian.org] with a subject of "unsubscribe". Trouble? Contact [e-mail:listmaster@lists.debian.org]

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software