[USN-813-1] apr vulnerability
Date: Fri, 7 Aug 2009 19:57:13 -0500
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-813-1] apr vulnerability
Message-ID: <20090808005713.GB2318@severus.strandboge.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
Ubuntu Security Notice USN-813-1 August 08, 2009
apr vulnerability
CVE-2009-2412
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libapr1 1.2.11-1ubuntu0.1
Ubuntu 8.10:
libapr1 1.2.12-4ubuntu0.1
Ubuntu 9.04:
libapr1 1.2.12-5ubuntu0.1
After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.
Details follow:
Matt Lewis discovered that apr did not properly sanitize its input when
allocating memory. If an application using apr processed crafted input, a
remote attacker could cause a denial of service or potentially execute
arbitrary code as the user invoking the application.
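The restart requirement above can be checked after the upgrade: a process started before it still maps the replaced library file, which /proc/<pid>/maps marks as "(deleted)". This is an added example, not part of the advisory; the function names `stale_apr_in_maps` and `scan_proc` are chosen here, and the library file name pattern `libapr-1.so*` is an assumption about what the libapr1 package installs.

```shell
#!/bin/sh
# Added example: list processes that still map a libapr-1 copy that was
# replaced on disk (for instance by the libapr1 upgrade) and therefore
# keep running the old code until they are restarted.

# stale_apr_in_maps FILE
# Succeeds when FILE (in /proc/<pid>/maps format) contains a mapping of a
# libapr-1 shared object that the kernel has marked "(deleted)".
# The pattern does not match libaprutil-1, which is a separate package.
stale_apr_in_maps() {
    grep -Eq '/libapr-1\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# scan_proc [PROCDIR]
# Prints "PID COMMAND" for every process under PROCDIR (default /proc)
# that still maps a deleted libapr-1. Maps files of other users are only
# readable by root, so run this as root for a complete answer.
scan_proc() {
    procdir=${1:-/proc}
    for maps in "$procdir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_apr_in_maps "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            comm=$(cat "$procdir/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Run the scan only when asked to: sh check-apr-restart.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_proc /proc
fi
```

An empty result from `--scan` (run as root) means no running process is still using the pre-upgrade library.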
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04: