Date: Fri, 28 Aug 1998 21:12:30 +0200 From: Martin Schulze <joey@kuolema.Infodrom.North.DE> To: Debian Security Announcements <debian-security-announce@lists.debian.org> Subject: [SECURITY] New versions of apache fixes denial of services --8t9RHnE3ZwKMSgU+ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable We have received a report from Dag-Erling Coidan Sm=F8rgrav who says that the apache as distributed with Debian GNU/Linux 2.0 is vulnerable to a denial of services exploit, where repeated, identical headers can consume O(n^2) memory. We recommend you upgrade your apache package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.0 alias hamm ------------------------------- This version of Debian was released only for the Intel and the Motorola 68xxx architecture. ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5.diff.gz MD5 checksum: ce19f3993e469bd862c6160ba2809ed9 ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5.dsc MD5 checksum: e8fc0dd9660fc17ba7423ae2235e9463 ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_i386.ch= anges MD5 checksum: 0470ab9f66a70b3ad4745a902983be7c Intel architecture: ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_i386.deb MD5 checksum: 3b3741bbf86e104babecffbc658203dd Motorola 68xxx architecture: ftp://ftp.debian.org/debian/dists/stable-updates/apache_1.3.0-5_m68k.deb MD5 checksum: 9187faca2e84f5b43439b29d814c7fe3 These files will be moved into ftp://ftp.debian.org/debian/dists/hamm/*/binary-$arch/ soon. For other architectures please refer to the appropriate directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ . -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org> --8t9RHnE3ZwKMSgU+ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBNecBHRRNm5Suj3z1AQF+OQQAgDXkNTAffoNupgeZSWxnx2Z1tsvTvmCl qZrsJschGaCFKeTbE83PuWC7v7HWY7M+VU/f4u8VFAwAyVv5g26L0r//oTyZkBJL kraXtmdIhaLXw40LCxCNULLFH788XzareDBBY4sZBWckMzdwLmZ5SPvMLgI5Vt5F OrDhJQLh6Ks= =4ZWc -----END PGP SIGNATURE----- --8t9RHnE3ZwKMSgU+-- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org