Message-ID: <20090808010616.GA2695@severus.strandboge.com>
Date: Fri, 7 Aug 2009 20:06:16 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-813-2] Apache vulnerability

===========================================================
Ubuntu Security Notice USN-813-2            August 08, 2009
apache2 vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libapr0                         2.0.55-4ubuntu2.7

After a standard system upgrade you need to restart any applications using
apr, such as Subversion and Apache, to effect the necessary changes.

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.

Original advisory details:

 Matt Lewis discovered that apr did not properly sanitize its input when
 allocating memory. If an application using apr processed crafted input, a
 remote attacker could cause a denial of service or potentially execute
 arbitrary code as the user invoking the application.


Updated packages for Ubuntu 6.06 LTS:


Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
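
Added example (not part of the Ubuntu advisory): one way to check the restart step above is to list processes that still map a libapr or libaprutil file that has since been replaced on disk, which /proc/<pid>/maps marks with "(deleted)". The library file names and the /proc-like tree built by make_sample_proc are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still run the pre-upgrade apr library.
# When the package manager replaces a shared library, a process that loaded
# the old copy keeps it mapped until it is restarted.

# stale_apr_pids [PROC_ROOT]: print one PID per line, sorted numerically.
stale_apr_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue      # skip vanished or unreadable entries
        # Pathname is the last field; match libapr*.so* followed by (deleted).
        if grep -Eq '/libapr[^/ ]*\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done | sort -n
}

# make_sample_proc DIR: constructed maps files so the check runs offline.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303" "$1/404"
    # 101: server started before the upgrade, old libapr still mapped
    printf '%s\n' \
        'b7e00000-b7e20000 r-xp 00000000 08:01 1234 /usr/lib/libapr-0.so.0.9.7 (deleted)' \
        'b7d00000-b7e00000 r-xp 00000000 08:01 99 /lib/libc-2.3.6.so' > "$1/101/maps"
    # 202: restarted after the upgrade, maps the current file
    printf '%s\n' \
        'b7e00000-b7e20000 r-xp 00000000 08:01 5678 /usr/lib/libapr-0.so.0.9.7' > "$1/202/maps"
    # 303: unrelated process holding some other deleted file
    printf '%s\n' \
        'b7c00000-b7c10000 rw-p 00000000 08:01 4321 /tmp/scratch.dat (deleted)' > "$1/303/maps"
    # 404: another apr consumer still on the old libaprutil
    printf '%s\n' \
        'b7a00000-b7a10000 r-xp 00000000 08:01 2468 /usr/lib/libaprutil-0.so.0.9.7 (deleted)' > "$1/404/maps"
}

# Offline demonstration on the constructed tree. On a real host, call
# stale_apr_pids with no argument, as root so every process's maps is readable.
demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir"
stale_apr_pids "$demo_dir"
rm -rf "$demo_dir"
```

Any PID printed belongs to a process that must be restarted before the updated libapr0 takes effect for it.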
