-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 689-1 security@xxxxxxxxxx http://www.debian.org/security/ Martin Schulze February 23rd, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libapache-mod-python Vulnerability : missing input sanisiting Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-0088 Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation's mod_python. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extra information that should not be visible (information leak). For the stable distribution (woody) this problem has been fixed in version 2.7.8-0.0woody5. For the unstable distribution (sid) this problem has been fixed in version 2.7.10-4 of libapache-mod-python and in version 3.1.3-3 of libapache2-mod-python. We recommend that you upgrade your libapache-mod-python package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.dsc Size/MD5 checksum: 715 b0716ef2fca40600c41d77c45bcc4167 http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.diff.gz Size/MD5 checksum: 8261 69110f0e179d5b6f93542233ca6014c4 http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz Size/MD5 checksum: 176639 4d5bee8317bfb45a3bb09f02b435e917 Alpha architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_alpha.deb Size/MD5 checksum: 120410 64e141ce045b242ce8372b0a2b4be1d7 ARM architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_arm.deb Size/MD5 checksum: 118242 d5738e2ae1a50394ad6964c6fc698652 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_i386.deb Size/MD5 checksum: 117626 acc4d8975aff9f0df543ba7015781ac3 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_ia64.deb Size/MD5 checksum: 131522 d7ad903ce69e71242e62ad37b7faa91a HP Precision architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_hppa.deb Size/MD5 checksum: 120182 6bce263b5cb8b4f4812c56483aa50e37 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_m68k.deb Size/MD5 checksum: 118688 3bf883aeee5ad3918b8dc303269f4475 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mips.deb Size/MD5 checksum: 117644 5221344e02f32234c1e889d6d66f6f5d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mipsel.deb Size/MD5 checksum: 117386 e3acec959d1bfbdfcc10a6faff7c83cf PowerPC architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_powerpc.deb Size/MD5 checksum: 118564 574476da068dc51a89d434506059483b IBM S/390 architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_s390.deb Size/MD5 checksum: 119368 a5bf1d308b8fd847af7c22a657316834 Sun Sparc architecture: http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_sparc.deb Size/MD5 checksum: 118498 841af8c2e626a24c182cee27d7e71a24 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCHIWkW5ql+IAeqTIRAg8uAKCuJruouCw8j3HDLRBQBJOB9w+snACdE1ir vCtwa1Lz/XU9O54Ck7L7ScU= =dSOn -----END PGP SIGNATURE-----
