News

=========================================================== Ubuntu Security Notice USN-225-1 December 06, 2005 apache2 vulnerability CVE-2005-2970 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: apache2-mpm-worker The problem can be corrected by upgrading the affected package to version 2.0.50-12ubuntu4.9 (for Ubuntu 4.10), 2.0.53-5ubuntu5.4 (for Ubuntu 5.04), or 2.0.54-5ubuntu3 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A memory leak was found in the Apache 2 'worker' module in the handling of aborted TCP connections. By repeatedly triggering this situation, a remote attacker could drain all available memory, which eventually led to a Denial of Service.