Bug#326435: marked as done (CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter)

Thu, 08 Sep 2005 11:48:26 -0700 

Your message dated Thu, 08 Sep 2005 11:17:06 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#326435: fixed in apache2 2.0.54-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Sep 2005 09:52:21 +0000
>From [EMAIL PROTECTED] Sat Sep 03 02:52:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from (vserver151.vserver151.serverflex.de) [193.22.164.111] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EBUhA-000690-00; Sat, 03 Sep 2005 02:52:21 -0700
Received: from dsl-082-082-147-113.arcor-ip.net ([82.82.147.113] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1EBUh5-0007MF-M0
        for [EMAIL PROTECTED]; Sat, 03 Sep 2005 11:52:15 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.52)
        id 1EBUhm-0001WK-DA; Sat, 03 Sep 2005 11:52:58 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: CAN-2005-2728: DoS through overly long Range values passed to the 
byte-range
 filter
X-Mailer: reportbug 3.17
Date: Sat, 03 Sep 2005 11:52:58 +0200
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.82.147.113
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: apache2
Severity: important
Tags: security

CAN-2005-2728 describes a DoS vulnerability through overly long values
in the Range field. Please see 
http://issues.apache.org/bugzilla/show_bug.cgi?id=29962
for a more complete description and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 326435-close) by bugs.debian.org; 8 Sep 2005 18:22:56 +0000
>From [EMAIL PROTECTED] Thu Sep 08 11:22:56 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EDQxO-00065m-00; Thu, 08 Sep 2005 11:17:06 -0700
From: Adam Conrad <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#326435: fixed in apache2 2.0.54-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 08 Sep 2005 11:17:06 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 4

Source: apache2
Source-Version: 2.0.54-5

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
  to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
  to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
  to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
  to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
  to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <[EMAIL PROTECTED]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork 
apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0 
apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Adam Conrad <[EMAIL PROTECTED]>
Description: 
 apache2    - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for 
Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-threadpool - experimental high speed model for Apache2 
(transitional package)
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0    - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Closes: 316173 320048 320063 326435
Changes: 
 apache2 (2.0.54-5) stable-security; urgency=high
 .
   * Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL
     certificate validation; see CAN-2005-1268 (closes: #320048, #320063)
   * Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy
     where, when a response contains both Transfer-Encoding and Content-Length
     headers, the connection can be used for HTTP request smuggling and HTTP
     request spoofing attacks; see CAN-2005-2088 (closes: #316173)
   * Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache
     when large byte ranges are requested; see CAN-2005-2728 (closes: #326435)
   * Add 046_verify_client_CAN-2005-2700, resolving an issue where the context
     of the SSLVerifyClient directive is not honoured within a <Location>
     nested in a <VirtualHost>, and is left unenforced; see CAN-2005-2700
Files: 
 779558a3a1edad615114d9e951d44352 1141 net optional apache2_2.0.54-5.dsc
 37d0d0a3e25ad93d37f0483021e70409 7493636 net optional 
apache2_2.0.54.orig.tar.gz
 3f51c615473cb57d4d182e1abbeffcd4 110044 net optional apache2_2.0.54-5.diff.gz
 df584a81cd27a1858014ac52cfdd9ab9 33460 net optional 
apache2-mpm-threadpool_2.0.54-5_all.deb
 429e520dda920f145468b39f4b3f2c2c 3861324 doc optional 
apache2-doc_2.0.54-5_all.deb
 143fb414c293aaa8d89e178306dca35a 799800 net optional 
apache2-common_2.0.54-5_i386.deb
 3dc37ae17bb34d4068f5153bfd2ffd54 90962 net optional 
apache2-utils_2.0.54-5_i386.deb
 824b90f8be18f53abef31e66aca2b0dd 206374 net optional 
apache2-mpm-worker_2.0.54-5_i386.deb
 8cb83e70bbe05872ba5a9de9eacdadc2 206602 net optional 
apache2-mpm-perchild_2.0.54-5_i386.deb
 670721077006223829903285d28b428d 202826 net optional 
apache2-mpm-prefork_2.0.54-5_i386.deb
 46926e9e39dba00825c06b1bc6afa847 167626 devel optional 
apache2-prefork-dev_2.0.54-5_i386.deb
 a22f739befa46e30b9c9f5ad8e6b2bc7 168356 devel optional 
apache2-threaded-dev_2.0.54-5_i386.deb
 0f1b46d69ed1665dbc7175fd777dc9eb 130614 net optional libapr0_2.0.54-5_i386.deb
 f877c48fae275c3e011dcdcddf6f4bdc 259890 libdevel optional 
libapr0-dev_2.0.54-5_i386.deb
 f2bb4abd8a56f74165641a1ffb98268d 33384 web optional apache2_2.0.54-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDHEw1vjztR8bOoMkRAg4fAKDf4oHHaNpvjHq1mEPMrm8X6Gy0UQCfZDHG
0c4krR6Vp3wy1W5MEZlYh9g=
=NgrJ
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to