ID

VAR-200911-0398

CVE

CVE-2009-3555

TITLE

SSL and TLS protocols renegotiation vulnerability

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. Background ========== ProFTPD is an advanced and very configurable FTP server. (CVE-2009-3555) It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094) It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. If a remote attacker could trigger specific error conditions, a Java application could crash, leading to a denial of service. (CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845) It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. If a user or automated system were tricked into handling specially crafted JAR files or images, a remote attacker could crash the Java application or possibly gain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847, CVE-2010-0848). It was discovered that applets did not correctly handle certain trust chains. If a user were tricked into running a specially crafted applet, a remote attacker could possibly run untrusted code with user privileges. Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) CVE Name: CVE-2009-4146, CVE-2009-4147 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables. II. Problem Description When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing. III. Impact An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user. IV. Workaround No workaround is available, but systems without untrusted local users, where all the untrusted local users are jailed superusers, and/or where untrusted users cannot execute arbitrary code (e.g., due to use of read only and noexec mount options) are not affected. Note that "untrusted local users" include users with the ability to upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they may be able to exploit this issue. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc [FreeBSD 8.0] # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch # fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/libexec/rtld-elf # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On amd64 systems where the i386 rtld are installed, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/libexec/rtld-elf/rtld.c 1.124.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 RELENG_8 src/libexec/rtld-elf/rtld.c 1.139.2.4 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r199981 releng/7.2/ r200054 releng/7.1/ r200054 stable/8/ r199980 releng/8.0/ r200054 - ------------------------------------------------------------------------- VII. For more information see vulnerability #1 in: SA37291 2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code. The vulnerabilities are reported in versions prior to 3.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201006-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: June 04, 2010 Bugs: #306579, #314531 ID: 201006-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities. Background ========== The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JRE 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20" All Oracle JDK 1.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20" All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20" All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5: # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5* # emerge --unmerge =dev-java/sun-jre-bin-1.5* # emerge --unmerge =dev-java/sun-jdk-1.5* Gentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example: # java-config --set-system-vm sun-jdk-1.6 For more information, please consult the Gentoo Linux Java documentation. References ========== [ 1 ] CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 [ 2 ] CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 [ 3 ] CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 [ 4 ] CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 [ 5 ] CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 [ 6 ] CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 [ 7 ] CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 [ 8 ] CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 [ 9 ] CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 [ 10 ] CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 [ 11 ] CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 [ 12 ] CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 [ 13 ] CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 [ 14 ] CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 [ 15 ] CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 [ 16 ] CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 [ 17 ] CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 [ 18 ] CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 [ 19 ] CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 [ 20 ] CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 [ 21 ] CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 [ 22 ] CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 [ 23 ] CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 [ 24 ] CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 [ 25 ] CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 [ 26 ] CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 [ 27 ] CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 [ 28 ] CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 [ 29 ] CVE-2010-0887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887 [ 30 ] Gentoo Linux Java documentation http://www.gentoo.org/doc/en/java.xml#doc_chap4 [ 31 ] Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010 http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201006-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Release Date: 2010-04-13 Last Updated: 2010-04-13 Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). References: CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve these vulnerabilities. The upgrades are available from the following location. Host / Account / Password ftp.usa.hp.com / sb02517 / Secure12 HP-UX Release / Depot Name / SHA-1 digest B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5 MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08n or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 13 April 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1. HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier. HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier. The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. HP Integrated Lights-Out 3 (iLO3) Online ROM Flash Component for Linux and Windows v1.20 or subsequent. =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14 Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5 Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5 Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555) It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094) Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 834492 818915da9848657833480b1ead6b4a12 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 224594 85a4480344a072868758c466f6a98747 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 229128 446b52088b9744fb776e53155403a474 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb Size/MD5: 142730 d43356422176ca29440f3e0572678093 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 269070 bf585dec777b0306cd80663c11b020df http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 141660 958585d6391847cd5a618464054f7d37 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 206386 06402188459de8dab5279b5bfef768fa http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 233152 1165607c64c57c84212b6b106254e885 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 143838 28e9c3811feeac70b846279e82c23430 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 209550 496d387e315370c0cd83489db663a356 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb Size/MD5: 778564 ffd7752394933004094c13b00113b263 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 208528 6672fb116e108687669c89197732fbb0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 261510 d3e1155682726cc28859156e647d97b3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 84558 68452b686e89320007e9c5367ce36345 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb Size/MD5: 926240 8282583e86e84bd256959540f39a515d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 241280 1eea25472875056e34cd2c3283c60171 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 246024 5709e7421814ecfb83fff5804d429971 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863 http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 258414 8ef063026de9790bac1965427ce1b584 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 213294 09701d434bd102e4205e551b4525afd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 87818 670c62615e107920c45893b3377ab2a0 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 244914 955bb5121da808d44aa994386d90723f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 214286 a378e2e0418631cec0f398379a446172 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb Size/MD5: 2336 009d381342b0be5280835a46c91f01d9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb Size/MD5: 2314 17719223d92d46821098ce178b5947d6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 155166 4347806710edff47fc051b4a68d5b448 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb Size/MD5: 90316 add7f446f6b524343c0066a486dd299a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2 . Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): - - The "SSLVerifyClient" directive is used in a Directory or Location context. - - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release (Debian 5.0.4). The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.14-2. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch (oldstable) - ------------------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874 Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26 arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e These files will probably be moved into the stable distribution on its next update. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44293 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44293/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44293 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data. 1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data. 3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data. For more information see vulnerability #3: SA44246 4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data. * Oracle Application Server 10g Release 3 version 10.1.3.5.0. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2]. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI. ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. AFFECTED ArubaOS VERSIONS 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS CHECK IF YOU ARE VULNERABLE The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply. Check if the following line appears in your configuration: web-server mgmt-auth username/password certificate If the exact line does not appear in the configuration, this issue does not apply. DETAILS An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS. ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs). Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) WORKAROUNDS Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk: - - - Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password - - - Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role. - - - Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet. SOLUTION Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any newer patch will also have the fix): - - - - 2.5.6.24 - - - - 3.3.2.23 - - - - 3.3.3.2 - - - - 3.4.0.7 - - - - 3.4.1.1 - - - - RN 3.1.4 Please contact Aruba support for obtaining patched FIPS releases. Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release. REFERENCES [1] http://extendedsubset.com/?p=8 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 +---------------------------------------------------- OBTAINING FIXED FIRMWARE Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support. Aruba Support contacts are as follows: 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America) +1-408-754-1200 (toll call from anywhere in the world) e-mail: support(at)arubanetworks.com Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades. EXPLOITATION AND PUBLIC ANNOUNCEMENTS This vulnerability will be announced at Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 STATUS OF THIS NOTICE: Final Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. DISTRIBUTION OF THIS ANNOUNCEMENT This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. REVISION HISTORY Revision 1.0 / 02-08-2010 / Initial release ARUBA WSIRT SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php For reporting *NEW* Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php (c) Copyright 2010 by Aruba Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE-----

AFFECTED PRODUCTS