=========================================================== Ubuntu Security Notice USN-813-1 August 08, 2009 apr vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libapr1 1.2.11-1ubuntu0.1 Ubuntu 8.10: libapr1 1.2.12-4ubuntu0.1 Ubuntu 9.04: libapr1 1.2.12-5ubuntu0.1 After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes. Details follow: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.diff.gz Size/MD5: 15611 add923c3313d739b3f20f207f71c73d8 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.dsc Size/MD5: 1125 80e494c58542be8b4d0294bd7e59dc13 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11.orig.tar.gz Size/MD5: 1114033 afcf9541dc31551abeb6c53bb42c2596 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 194610 716922eb0712a07fed068fcb925772c1 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 788200 a69f65f1e8aeb641aca3a249a842ce28 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 117152 6413342ab115ccb57a59680e4ad40d6f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 189048 d59218dc9160e0bb0470563333173d04 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 776116 4446e1f5e8ce9926cda8fc5c3f20e17c http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 113026 67a51cd1f86be2d432f4d1a5f286eebf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 190698 52f49994e4febd9fc97e15519decea0e http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 775518 0e7976961d9ce279db79ba14775107f9 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 111342 74f98528ff681564b8c69beead400bd6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 195426 d8c12007029f0cf180a86f42e79ded57 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 787514 a553507d0ed7ed8afc9d2a9fc866eb70 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 123062 9a90160cdc43792ce2bc49df4ae91865 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 175976 9cc036cfae077abd1ac467af6bd790c1 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 776780 5117cf23995948387b6fb14b68431ae6 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 108894 a4427541fc8b13d0a9b89fbaba2a434a Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.diff.gz Size/MD5: 12533 057d9b6e04b87b71e9518d53de61b659 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.dsc Size/MD5: 1384 58b855b6bfd0504326eb02fa5dd9f6e9 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5: 1127522 020ea947446dca2d1210c099c7a4c837 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 53468 eb68dda90aed2dfd1e9c55766dd4d424 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 785202 d7f1e3477f79d4433b9390411b814073 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 113952 92d67e89dcf26a5bc02d98bf86fc22f9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 53464 c3dd60a4f092291b562ba212e3f60da7 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 772414 6001d74f8ec3772706b267410321fb3d http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 108752 0bfab5d3b02547e5690d766393336d1e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 53444 2b5634382952fa49c759c1a4d4073f20 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 771794 f5be7e04e8e49a952f331d1c51d0dfa3 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 106786 14eec6bff97d98911d5aae1f7e6b6e42 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 54804 a629d5b1784683de60bad9fd3347ec0b http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 781506 c31d8fbad695f3444247605e8735f417 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 115848 eca448cd2d24d9033052644c6e6699fd sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 54124 1f20ab360c8423cc0f23e703a49258f8 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 778254 592362c830dc1dbe4a11891014aa3d79 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 109060 e7fe5915bedd748ea1fae929b7744ebc Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.diff.gz Size/MD5: 12392 dad717ee3cf5ee5a51f4557e107f7f0b http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.dsc Size/MD5: 1384 282ecf985e0843d0790a6faad28bf08e http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5: 1127522 020ea947446dca2d1210c099c7a4c837 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 53506 6614950fdda2e501f6e08cb72e1fc7f8 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 785976 a55e34fc1c8dfdfd18c258b734562d16 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 114016 c06eaa80d78148669a99b0baba6e233a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 53502 9cfdb6c1d30317b66e82237f204e945b http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 773486 96be1dd29735870a80385217fe443363 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 108822 5de07e4a316394e2347a3cd2b6f68cf4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 53480 5e3f7e68d7492e5b8c0821d9fc873513 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 772806 fb8c2e67ac688a9ec4e3ce23874f2acd http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 106850 b0e1853de388ba71b0f2a8c5539be9cf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 54828 de1be5158a85c5e33e510329f2e571e1 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 782358 5e69131b4a32e3e5ce9abc5e8503599f http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 115900 55d92b74d725f6d80a3848e9a3b7723e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 54170 2d5973180a33b09b336698718be07238 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 779146 ec3ab918bbf8e8a758b95137cd371a89 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 109082 2b5b346d2ed2237cc2f782eae01df534
Attachment:
signature.asc
Description: Digital signature