From martin.pitt@canonical.com Fri Feb 11 15:21:40 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com Date: Fri, 11 Feb 2005 10:41:39 +0100 Subject: [USN-80-1] mod_python vulnerability =========================================================== Ubuntu Security Notice USN-80-1 February 11, 2005 libapache2-mod-python vulnerabilities CAN-2005-0088 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libapache2-mod-python2.2 libapache2-mod-python2.3 The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using sudo /etc/init.d/apache2 restart to effect the necessary changes. Details follow: Graham Dumpleton discovered an information disclosure in the "publisher" handle of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible. Source archives: http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.diff.gz Size/MD5: 24067 485183927dd680eedb351cedbd0bb882 http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2.dsc Size/MD5: 806 3b141dd6a13c2abc0c1780ff8d9c34aa http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3.orig.tar.gz Size/MD5: 293548 2e1983e35edd428f308b0dfeb1c23bfe Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python-doc_3.1.3-1ubuntu3.2_all.deb Size/MD5: 100700 6890472b77b13191bf5106123bbebc6c http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python_3.1.3-1ubuntu3.2_all.deb Size/MD5: 12462 b48ab5f2c09c47bfe0c7c02243766c4f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_amd64.deb Size/MD5: 87564 e331d0cbb7aacadc64ef44d41d326587 http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_amd64.deb Size/MD5: 87650 0dcbdb227cae1b4721c4b8e0454b4ea6 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_i386.deb Size/MD5: 80502 003d29054ae210f2f81826bac8de7856 http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_i386.deb Size/MD5: 80538 1813380c5c39583e9311e117f2823aca powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/liba/libapache2-mod-python/libapache2-mod-python2.2_3.1.3-1ubuntu3.2_powerpc.deb Size/MD5: 85218 d56d5f3a5cda43096dda9d1d7fc3fc0b http://security.ubuntu.com/ubuntu/pool/main/liba/libapache2-mod-python/libapache2-mod-python2.3_3.1.3-1ubuntu3.2_powerpc.deb Size/MD5: 85350 9df8b87f95570137d2402818a252b38d [ Part 2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ]