[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
This bug was fixed in the package apache2 - 2.2.16-1ubuntu3.5 --- apache2 (2.2.16-1ubuntu3.5) maverick-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 14 Feb 2012 10:11:29 -0500 ** Changed in: apache2 (Ubuntu Lucid) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
This bug was fixed in the package apache2 - 2.2.14-5ubuntu8.8 --- apache2 (2.2.14-5ubuntu8.8) lucid-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 14 Feb 2012 10:36:43 -0500 ** Changed in: apache2 (Ubuntu Hardy) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.23 --- apache2 (2.2.8-1ubuntu0.23) hardy-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/220_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/221_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/222_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/223_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 14 Feb 2012 10:49:11 -0500 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
This bug was fixed in the package apache2 - 2.2.17-1ubuntu1.5 --- apache2 (2.2.17-1ubuntu1.5) natty-security; urgency=low * SECURITY UPDATE: arbitrary code execution via crafted SetEnvIf directive (LP: #811422) - debian/patches/215_CVE-2011-3607.dpatch: validate length in server/util.c. - CVE-2011-3607 * SECURITY UPDATE: another mod_proxy reverse proxy exposure - debian/patches/216_CVE-2011-4317.dpatch: validate additional URIs in modules/mappers/mod_rewrite.c, modules/proxy/mod_proxy.c, server/protocol.c. - CVE-2011-4317 * SECURITY UPDATE: denial of service via invalid cookie - debian/patches/217_CVE-2012-0021.dpatch: check name and value in modules/loggers/mod_log_config.c. - CVE-2012-0021 * SECURITY UPDATE: denial of service and possible code execution via type field modification within a scoreboard shared memory segment - debian/patches/218_CVE-2012-0031.dpatch: check type field in server/scoreboard.c. - CVE-2012-0031 * SECURITY UPDATE: cookie disclosure via Bad Request errors - debian/patches/219_CVE-2012-0053.dpatch: check lengths in server/protocol.c. - CVE-2012-0053 -- Marc Deslauriers marc.deslauri...@ubuntu.com Tue, 14 Feb 2012 10:02:26 -0500 ** Changed in: apache2 (Ubuntu Maverick) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
** Also affects: apache2 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Precise) Importance: Low Assignee: Jamie Strandboge (jdstrand) Status: Incomplete ** Also affects: apache2 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: apache2 (Ubuntu Natty) Importance: Undecided Status: New ** Changed in: apache2 (Ubuntu Hardy) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Lucid) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Maverick) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Natty) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Oneiric) Status: New = Confirmed ** Changed in: apache2 (Ubuntu Precise) Status: Incomplete = Fix Released ** Changed in: apache2 (Ubuntu Precise) Assignee: Jamie Strandboge (jdstrand) = (unassigned) ** Changed in: apache2 (Ubuntu Hardy) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: apache2 (Ubuntu Lucid) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: apache2 (Ubuntu Maverick) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: apache2 (Ubuntu Oneiric) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: apache2 (Ubuntu Natty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) ** Changed in: apache2 (Ubuntu Hardy) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Lucid) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Maverick) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Oneiric) Importance: Undecided = Low ** Changed in: apache2 (Ubuntu Natty) Importance: Undecided = Low -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
CVE-2011-3607 is fixed upstream in trunk, but not yet released: http://svn.apache.org/viewvc?view=revisionrevision=1198940 Another CVE-2011-4415 was assigned by mitre to the resource consumption, NULL-dereference issue ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-4415 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 811422] Re: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite
Information Joe Orton: We'd prefer to discuss the appropriate fix for this on the public mailing list, so could you publish your advisory as soon as is convenient. We'll follow up with public discussion and patches as appropriate. Please use the CVE name CVE-2011-3607 for this issue. Very good discussion: http://www.gossamer-threads.com/lists/apache/dev/403775 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3607 ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/811422 Title: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs