
[Full-disclosure] [USN-813-3] apr-util vulnerability



===========================================================
Ubuntu Security Notice USN-813-3            August 08, 2009
apr-util vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libaprutil1                     1.2.12+dfsg-3ubuntu0.2

Ubuntu 8.10:
  libaprutil1                     1.2.12+dfsg-7ubuntu0.3

Ubuntu 9.04:
  libaprutil1                     1.2.12+dfsg-8ubuntu0.3

After a standard system upgrade you need to restart any applications using
apr-util, such as Subversion and Apache, to effect the necessary changes.
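The two checks implied above, as an added example that is not part of the original advisory: confirm the installed libaprutil1 is at the fixed version for the release, then list processes that still map the replaced library and therefore need a restart. The function names are this example's own; it assumes Linux /proc, dpkg and lsb_release, and that the shared object is named libaprutil-1.so.

```shell
#!/bin/sh
# Added example: post-upgrade checks for USN-813-3 (not from the advisory).
# Assumptions: Linux /proc, dpkg, lsb_release, library file libaprutil-1.so*.

# Fixed libaprutil1 version for an Ubuntu release number, as listed above.
fixed_version() {
    case "$1" in
        8.04) echo "1.2.12+dfsg-3ubuntu0.2" ;;
        8.10) echo "1.2.12+dfsg-7ubuntu0.3" ;;
        9.04) echo "1.2.12+dfsg-8ubuntu0.3" ;;
        *)    return 1 ;;   # release not covered by this advisory
    esac
}

# Status 0: installed version >= fixed; 1: older; 2: could not determine.
package_is_fixed() {
    release=$(lsb_release -rs) || return 2
    fixed=$(fixed_version "$release") || return 2
    installed=$(dpkg-query -W -f='${Version}' libaprutil1 2>/dev/null) || return 2
    dpkg --compare-versions "$installed" ge "$fixed"
}

# Succeeds if the given /proc/<pid>/maps-style file shows a libaprutil mapping
# whose file was replaced on disk; the kernel marks such paths "(deleted)".
maps_show_stale_aprutil() {
    grep -Eq 'libaprutil-1\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Prints "PID command" for every process still running the old library.
stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if maps_show_stale_aprutil "$maps"; then
            printf '%s %s\n' "$pid" "$(ps -o comm= -p "$pid")"
        fi
    done
}

case "${1:-}" in
    check) if package_is_fixed; then echo "libaprutil1 is at or above the fixed version"
           else echo "libaprutil1 is older than the fixed version, or unknown"; fi ;;
    stale) stale_processes ;;
esac
```

Run the `stale` mode as root so that the maps files of other users' processes (for example Apache workers) are readable.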

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding 
updates for apr-util.

Original advisory details:

 Matt Lewis discovered that apr did not properly sanitize its input when
 allocating memory. If an application using apr processed crafted input, a
 remote attacker could cause a denial of service or potentially execute
 arbitrary code as the user invoking the application.


