OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[sec-adv] Debian update for thttpd

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Oct 29 2003 - 07:33:14 CST

TITLE:
Debian update for thttpd

SECUNIA ADVISORY ID:
SA10093

VERIFY ADVISORY:
http://www.secunia.com/advisories/10093/

CRITICAL:
Highly critical

IMPACT:
System access, Exposure of system information

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
Debian GNU/Linux 3.0

DESCRIPTION:
Debian has issued updated packages for thttpd. These fix an older
vulnerability, which can be exploited to disclose system information,
and a new vulnerability, which can be exploited by malicious people
to compromise a vulnerable system.

For more information:
SA10092

SOLUTION:
Updated packages:

-- Debian GNU/Linux 3.0 alias woody --

Source archives:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.dsc
Size/MD5 checksum: 545 8a1acb90e6094f3fa72c6845c3053041
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.diff.gz
Size/MD5 checksum: 12319 2ac5366cf965d9fc492265d095c108a8
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b.orig.tar.gz
Size/MD5 checksum: 127157 9c1512664cf70c286331243ab622173e

Alpha architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_alpha.deb
Size/MD5 checksum: 67512 4b98098b019e2b8d0b1ce1e9aeb617ec
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_alpha.deb
Size/MD5 checksum: 27794 9edd14ad49dad106626771543c106937

ARM architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_arm.deb
Size/MD5 checksum: 54182 c191681665f0af7df0ee90136b3365ff
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_arm.deb
Size/MD5 checksum: 23212 2103ca75c4ea13b97e5744d89949fe37

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_i386.deb
Size/MD5 checksum: 51914 d699b326d3ebc75476cafe31e91e45ec
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_i386.deb
Size/MD5 checksum: 23570 157936de6bd22736b0aa63e2224d65ba

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_ia64.deb
Size/MD5 checksum: 77950 cc5e735539ad1c550b9af17c2388bc83
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_ia64.deb
Size/MD5 checksum: 29562 954eaaa5f8c824cba7725921f65a3331

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_hppa.deb
Size/MD5 checksum: 59116 7f77611819d41bf76d5f835d970f3ed8
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_hppa.deb
Size/MD5 checksum: 25448 cd644f20dcc58dfca543600a74dc95c8

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_m68k.deb
Size/MD5 checksum: 49552 72cca53687444bef03134030c6662511
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_m68k.deb
Size/MD5 checksum: 23220 5677cb4faf6d7b586ba1268c2e35e65c

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mips.deb
Size/MD5 checksum: 58236 446d260842da0922cba728e2df11b56b
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mips.deb
Size/MD5 checksum: 24516 da2230823d6337e7665254f9700c02b8

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mipsel.deb
Size/MD5 checksum: 58334 04df64db72249b74039f26e23f384f62
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mipsel.deb
Size/MD5 checksum: 24598 451b2c66266919a2a45740336e157518

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_powerpc.deb
Size/MD5 checksum: 56474 37163f189b04526056738e72514e0870
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_powerpc.deb
Size/MD5 checksum: 23836 fac814ed369bd38e7294d7190a8aad8a

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_s390.deb
Size/MD5 checksum: 54658 b05a18adb9af89e183846135ea272b2e
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_s390.deb
Size/MD5 checksum: 24392 ea2d972ab7dc89df2c232c71c246bf30

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_sparc.deb
Size/MD5 checksum: 58226 5505dc14188fcd27a6ec7fee1f482a78
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_sparc.deb
Size/MD5 checksum: 29954 85b41622907ece7edfc7d10f78a83946

-- Debian GNU/Linux unstable alias sid --

Fixed in version 2.23beta1-2.3.

ORIGINAL ADVISORY:
http://www.debian.org/security/2003/dsa-396

OTHER REFERENCES:
SA10092:
http://www.secunia.com/advisories/10092/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------