[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [USN-813-2] Apache vulnerability



===========================================================
Ubuntu Security Notice USN-813-2            August 08, 2009
apache2 vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libapr0                         2.0.55-4ubuntu2.7

After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.

Original advisory details:

 Matt Lewis discovered that apr did not properly sanitize its input when
 allocating memory. If an application using apr processed crafted input, a
 remote attacker could cause a denial of service or potentially execute
 arbitrary code as the user invoking the application.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz
      Size/MD5:   126010 68da83341313e1b166fe345138d1eaa5
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc
      Size/MD5:     1156 0b17c48d0880ab82c769c41d1aff7002
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb
      Size/MD5:  2125530 9356b79c2b1591ffec1a6cd1974f82fd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   833902 08b8aaf66aa52e6fd9dbed1647bb5dd2
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   229124 400d32297652e4976456cb7b367cc435
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   224122 07be7749fd618703c9f093efeb5e6fad
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   228700 9c79315063121eb7017cd99c6bb4667c
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   172244 e15a994901f09e6e8294d656b8a8254c
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   173028 985f0a987b0e5e17b24fdd6f8475781a
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:    95066 2b836251f30a5c3d0cb24c2775a9b997
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:    37096 2756f162320b3b183c7447dad130cff9
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   286664 f46d70c05cba04ceaba7d62afe5ac5be
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb
      Size/MD5:   145234 e1c285b96d1ee5e8a66d01eadcc289c6

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   787150 ab3e75481087dc0148ca3ccc450a1ab1
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   203722 e10938af36f0e1802fbd3b0946ae6e3c
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   199634 7ee8d5ba9679c8c7dd78c95b5fb74046
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   203146 5456087e20afd24d2a27d648fafeb135
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   172228 98a58d9526a667a05573e9b26fcfd45b
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   173020 1db636c0e79b0ea3c405da958c35c932
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:    92998 737aee7a7026d4d9b33a0f71b44e0b19
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:    37098 15db8827569af434025942a84e77b381
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   262652 93f2171d69072153264cab51860f781c
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb
      Size/MD5:   133118 cac6f1c804a1e34bf4250be4d8670862

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   859954 558399d0c5fb22cee0cdc1b20d4d7586
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   221090 94c5789d3d06b3553d883eca45ab06b7
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   216702 68edfa60eb9de377b20be68e10bd879a
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   220634 8f103f83772eb2e52cd38bb0fb1efbec
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   172234 559b5683e44f424324d43b09f42c63f6
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   173014 7c05a2f5fe626036ebaa271cece0cd09
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   104772 63a31e0f30472ebc19a79744b1b1fe03
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:    37098 c00f5d32432f97ac992652ac1bbb7259
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   282244 1a2c7d7038b335ae2ab6ff68d06a380f
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb
      Size/MD5:   142328 169a4ce5fc42eb789c76f46acb07aa00

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   804250 3a780a65322c539717e93a64792acc16
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   211276 e1f45226511664f1759a6ad75aff6155
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   206948 19e2792273d8a4935ef6fcc6ee369326
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   210556 e62136b10dca8c665defa2cc54640e64
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   172232 6e2213cb4b6a5dec1506fe01ce5cc028
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   173010 9603ee752f034d04fd349db168fbe2f2
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:    94084 c6f6315ff2e1865f409ae49d54e3a233
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:    37102 fdb3a44756f9d6e8d36c1b2558420d57
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   268648 03fbe81b3cc1f0ac17961fc5c58a3f5f
    
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb
      Size/MD5:   131056 8707670bfb577280d9b5d0689c51608c


Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/