Säkerhetsbulletin från Debian

DSA-1934-1 apache2 -- flera problem

Rapporterat den:
2009-11-16
Berörda paket:
apache2
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2009-3094, CVE-2009-3095, CVE-2009-3555.
Ytterligare information:

Ett designproblem har hittats i TLS- och SSL-protokollen som tillåter en angripare att injicera godtyckligt innehåll i början av en TLS-/SSL-anslutning. Attacken relaterar till det sätt på vilket TLS och SSL hanterar sessionsomförhandlingar. CVE-2009-3555 har tilldelats denna sårbarhet.

Som ett sorts skydd mot denna attack, avaktiverar denna apache2-uppdatering klientinitierade omförhandlingar. Detta bör rätta sårbarheten för lejonparten av de Apache-konfigurationer som används.

Observera: Detta är inte en komplett rättelse för problemet. Attacken är fortfarande möjlig i konfigureringar där servern initierar omförhandlingen. Detta är fallet för följande konfigurationer (informationen i ändringsloggen för de uppdaterade paketen är något felaktig):

  • SSLVerifyClient-direktivet används i ett Directory- eller Location-sammanhang.
  • SSLCipherSuite-direktivet används i ett Directory- eller Location-sammanhang.

För att kringgå problemet, kan ni omarbeta er konfiguration så att SSLVerifyClient och SSLCipherSuite bara används på server- eller virtuell värd-nivån.

En komplett rättelse för problemet kommer kräva en protokolländring. Mer information kommer inkluderas i ett separat tillkännagivande om detta problem.

Dessutom rättar denna uppdatering följande problem i Apaches mod_proxy_ftp:

  • CVE-2009-3094

    Otillräcklig städning av indata i modulen mod_proxy_ftp tillät fjärr-FTP-servrar att orsaka en överbelastning (NULL-pekaravreferering och underprocesskrasch) med hjälp av ett felformaterat svar på ett EPSV-kommando.

  • CVE-2009-3095

    Otillräcklig kontroll av indata i modulen mod_proxy_ftp tillät fjärrautentiserade angripare att kringgå åtkomstrestriktioner och skicka godtyckliga FTP-kommandon till en FTP-server.

För den gamla stabila utgåvan (Etch) har dessa problem rättats i version 2.2.3-4+etch11.

För den stabila utgåvan (Lenny) har dessa problem rättats i version 2.2.9-10+lenny6. Denna version innehåller också några icke-säkerhetsrelaterade felrättningar som skulle ha funnits i nästa stabila punktutgåva (Debian 5.0.4).

För uttestningsutgåvan (Squeeze) och den instabila utgåvan (Sid) kommer dessa problem att rättas i version 2.2.14-2.

Denna bulletin tillhandahåller också uppdaterade apache2-mpm-itk-paket som har kompilerats om mot de nya apache2-paketen.

Uppdaterade apache2-mpm-itk-paket för armel-arkitekturen har ännu inte inkluderats. De kommer släppas så snart de blir tillgängliga.

Vi rekommenderar att ni uppgraderar era apache2 och apache2-mpm-itk-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb
Alpha:
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb
Alpha:
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.