- -------------------------------------------------------------------------- Debian Security Advisory DSA 1000-2 security@debian.org http://www.debian.org/security/ Martin Schulze April 3rd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : libapreq2-perl Vulnerability : design error Problem type : remote Debian-specific: no CVE ID : CVE-2006-0042 BugTraq ID : 16710 Debian Bug : 354060 358689 Gunnar Wolf noticed that the correction for the following problem was not complete and requires an update. For completeness we're providing the original problem description: An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2 which can be exploited remotely and cause a denial of service via CPU consumption. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 2.04-dev-1sarge2. For the unstable distribution (sid) this problem has been fixed in version 2.07-1. We recommend that you upgrade your libapreq2, libapache2-mod-apreq2 and libapache2-request-perl packages.
pcc and x86 please mark stable, thank you.
ppc stable
Stable on x86.
nice :) CPU consumption : not sure a GLSA is needed. Really not.
I tend to vote yes. DoS on apache (even by CPU consumption) is nasty.
i vote yes here - as Koon said, DoSing apache is evil.
I tend to vote YES too, so let's have a GLSA.
GLSA 200604-08, thx everyone
