Package: apache2
Severity: critical
Justification: root security hole
Tags: security

*** Please type your report below this line ***

A security hole has been disclosed on the Apache web site.
http://httpd.apache.org/security/vulnerabilities_22.html

Although it is disclosed as a denial of service, it seems to involve a buffer overflow, and thus allow remote code execution under the apache account. I can confirm, from attacks in systems of a customer, that this is actually the case.

As I have not seen any security upgrade from 4th of September, date of the disclosure, I request this issue to be fixed.

Ramon Garcia
Systems Administrator
[EMAIL PROTECTED]
http://www.kotasoft.com

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-vserver-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)