Your message dated Sat, 17 Dec 2005 00:05:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#316173: fixed in apache2 2.0.54-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Jun 2005 22:49:46 +0000
>From [EMAIL PROTECTED] Tue Jun 28 15:49:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org (vserver151.vserver151.serverflex.de)
[193.22.164.111]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DnOtj-0005fj-00; Tue, 28 Jun 2005 15:49:43 -0700
Received: from dsl-082-082-137-197.arcor-ip.net ([82.82.137.197]
helo=localhost.localdomain)
by vserver151.vserver151.serverflex.de with esmtpsa
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1DnOo7-0006DV-N0
for [EMAIL PROTECTED]; Wed, 29 Jun 2005 00:43:55 +0200
Received: from jmm by localhost.localdomain with local (Exim 4.51)
id 1DnOtX-0001i1-IX; Wed, 29 Jun 2005 00:49:31 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: apache2: Security issues in HTTP proxy responses with both
Transfer-Encoding
and Content-Length headers
X-Mailer: reportbug 3.15
Date: Wed, 29 Jun 2005 00:49:31 +0200
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.82.137.197
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: apache2
Severity: grave
Tags: security
Justification: user security hole
Latest 2.1.6-alpha fixes a security in the proxy HTTP code:
| The 2.1.6-alpha release addresses a security vulnerability present
| in all previous 2.x versions. This fault did not affect Apache 1.3.x
| (which did not proxy keepalives or chunked transfer encoding);
| Proxy HTTP: If a response contains both Transfer-Encoding
| and a Content-Length, remove the Content-Length to eliminate
| an HTTP Request Smuggling vulnerability and don't reuse the
| connection, stopping some HTTP Request Spoofing attacks.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
---------------------------------------
Received: (at 316173-close) by bugs.debian.org; 17 Dec 2005 08:11:10 +0000
>From [EMAIL PROTECTED] Sat Dec 17 00:11:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EnX41-0003C7-9d; Sat, 17 Dec 2005 00:05:09 -0800
From: Adam Conrad <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.17 $
Subject: Bug#316173: fixed in apache2 2.0.54-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 17 Dec 2005 00:05:09 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3
Source: apache2
Source-Version: 2.0.54-5
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-common_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-common_2.0.54-5_i386.deb
apache2-doc_2.0.54-5_all.deb
to pool/main/a/apache2/apache2-doc_2.0.54-5_all.deb
apache2-mpm-perchild_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
apache2-mpm-prefork_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
apache2-mpm-threadpool_2.0.54-5_all.deb
to pool/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
apache2-mpm-worker_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
apache2-prefork-dev_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
apache2-threaded-dev_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
apache2-utils_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
apache2_2.0.54-5.diff.gz
to pool/main/a/apache2/apache2_2.0.54-5.diff.gz
apache2_2.0.54-5.dsc
to pool/main/a/apache2/apache2_2.0.54-5.dsc
apache2_2.0.54-5_i386.deb
to pool/main/a/apache2/apache2_2.0.54-5_i386.deb
libapr0-dev_2.0.54-5_i386.deb
to pool/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
libapr0_2.0.54-5_i386.deb
to pool/main/a/apache2/libapr0_2.0.54-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <[EMAIL PROTECTED]> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 2 Sep 2005 22:26:28 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork
apache2-doc libapr0-dev apache2-mpm-threadpool apache2-mpm-worker libapr0
apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source all i386
Version: 2.0.54-5
Distribution: stable-security
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Adam Conrad <[EMAIL PROTECTED]>
Description:
apache2 - next generation, scalable, extendable web server
apache2-common - next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-mpm-perchild - experimental high speed perchild threaded model for
Apache2
apache2-mpm-prefork - traditional model for Apache2
apache2-mpm-threadpool - experimental high speed model for Apache2
(transitional package)
apache2-mpm-worker - high speed threaded model for Apache2
apache2-prefork-dev - development headers for apache2
apache2-threaded-dev - development headers for apache2
apache2-utils - utility programs for webservers
libapr0 - the Apache Portable Runtime
libapr0-dev - development headers for libapr
Closes: 316173 320048 320063 326435
Changes:
apache2 (2.0.54-5) stable-security; urgency=high
.
* Add 043_ssl_off_by_one_CAN-2005-1268, fixing an off-by-one error in SSL
certificate validation; see CAN-2005-1268 (closes: #320048, #320063)
* Add 044_content_length_CAN-2005-2088, resolving an issue in mod_proxy
where, when a response contains both Transfer-Encoding and Content-Length
headers, the connection can be used for HTTP request smuggling and HTTP
request spoofing attacks; see CAN-2005-2088 (closes: #316173)
* Add 045_byterange_CAN-2005-2728, to resolve a denial of service in apache
when large byte ranges are requested; see CAN-2005-2728 (closes: #326435)
* Add 046_verify_client_CAN-2005-2700, resolving an issue where the context
of the SSLVerifyClient directive is not honoured within a <Location>
nested in a <VirtualHost>, and is left unenforced; see CAN-2005-2700
Files:
779558a3a1edad615114d9e951d44352 1141 net optional apache2_2.0.54-5.dsc
37d0d0a3e25ad93d37f0483021e70409 7493636 net optional
apache2_2.0.54.orig.tar.gz
3f51c615473cb57d4d182e1abbeffcd4 110044 net optional apache2_2.0.54-5.diff.gz
df584a81cd27a1858014ac52cfdd9ab9 33460 net optional
apache2-mpm-threadpool_2.0.54-5_all.deb
429e520dda920f145468b39f4b3f2c2c 3861324 doc optional
apache2-doc_2.0.54-5_all.deb
143fb414c293aaa8d89e178306dca35a 799800 net optional
apache2-common_2.0.54-5_i386.deb
3dc37ae17bb34d4068f5153bfd2ffd54 90962 net optional
apache2-utils_2.0.54-5_i386.deb
824b90f8be18f53abef31e66aca2b0dd 206374 net optional
apache2-mpm-worker_2.0.54-5_i386.deb
8cb83e70bbe05872ba5a9de9eacdadc2 206602 net optional
apache2-mpm-perchild_2.0.54-5_i386.deb
670721077006223829903285d28b428d 202826 net optional
apache2-mpm-prefork_2.0.54-5_i386.deb
46926e9e39dba00825c06b1bc6afa847 167626 devel optional
apache2-prefork-dev_2.0.54-5_i386.deb
a22f739befa46e30b9c9f5ad8e6b2bc7 168356 devel optional
apache2-threaded-dev_2.0.54-5_i386.deb
0f1b46d69ed1665dbc7175fd777dc9eb 130614 net optional libapr0_2.0.54-5_i386.deb
f877c48fae275c3e011dcdcddf6f4bdc 259890 libdevel optional
libapr0-dev_2.0.54-5_i386.deb
f2bb4abd8a56f74165641a1ffb98268d 33384 web optional apache2_2.0.54-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDHEw1vjztR8bOoMkRAg4fAKDf4oHHaNpvjHq1mEPMrm8X6Gy0UQCfZDHG
0c4krR6Vp3wy1W5MEZlYh9g=
=NgrJ
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
