
[USN-813-1] apr vulnerability



===========================================================
Ubuntu Security Notice USN-813-1            August 08, 2009
apr vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libapr1                         1.2.11-1ubuntu0.1

Ubuntu 8.10:
  libapr1                         1.2.12-4ubuntu0.1

Ubuntu 9.04:
  libapr1                         1.2.12-5ubuntu0.1

After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.

Details follow:

Matt Lewis discovered that apr did not properly sanitize its input when
allocating memory. If an application using apr processed crafted input, a
remote attacker could cause a denial of service or potentially execute
arbitrary code as the user invoking the application.
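
One way to verify the upgrade and restart steps above on a host, as an added example that is not part of the original advisory. The version table comes from this notice; the function names, the `libapr-1.so` file-name pattern and the sample `/proc` tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Fixed libapr1 versions per Ubuntu release, taken from the advisory above.
fixed_version_for() {
    case "$1" in
        8.04) echo "1.2.11-1ubuntu0.1" ;;
        8.10) echo "1.2.12-4ubuntu0.1" ;;
        9.04) echo "1.2.12-5ubuntu0.1" ;;
        *)    return 1 ;;   # release not covered by this notice
    esac
}

# Succeeds when the installed libapr1 version is at or above the fixed one.
# Usage: is_patched <installed-version> <release>   (needs dpkg on the host)
is_patched() {
    fixed=$(fixed_version_for "$2") || return 2
    dpkg --compare-versions "$1" ge "$fixed"
}

# Print the PIDs that still map a libapr-1 shared object which the upgrade
# has replaced on disk; the kernel marks such mappings "(deleted)".
# These are the processes (Apache, Subversion, ...) that still need a restart.
# Usage: stale_apr_pids [proc-root]   (defaults to /proc; the file-name
# pattern is an assumption about how the library is named on disk)
stale_apr_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libapr-1\.so.* (deleted)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Constructed sample: a fake proc tree with one process still on the old
# library (PID 101) and one that was restarted after the upgrade (PID 202).
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/101" "$d/202"
    echo '7f00-7f20 r-xp 00000000 08:01 42 /usr/lib/libapr-1.so.0.2.11 (deleted)' > "$d/101/maps"
    echo '7f00-7f20 r-xp 00000000 08:01 77 /usr/lib/libapr-1.so.0.2.11' > "$d/202/maps"
    echo "$d"
}
```

Run `stale_apr_pids` as root so that the maps files of other users' processes are readable; an empty result means no running process is still using the pre-upgrade library.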


