News

=========================================================== Ubuntu Security Notice USN-239-1 January 09, 2006 libapache2-mod-auth-pgsql vulnerability CVE-2005-3656 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libapache2-mod-auth-pgsql The problem can be corrected by upgrading the affected package to version 2.0.2b1-2ubuntu0.1 (for Ubuntu 4.10), 2.0.2b1-5ubuntu0.1 (for Ubuntu 5.04), or 2.0.2b1-6ubuntu0.1 (for Ubuntu 5.10). After a standard system upgrade you need to restart the Apache 2 server to effect the necessary changes: sudo /etc/init.d/apache2 restart Details follow: Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache (user 'www-data').