Message-ID: <20090808055647.GA6414@severus.strandboge.com>
Date: Sat, 8 Aug 2009 00:56:47 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-813-3] apr-util vulnerability

===========================================================
Ubuntu Security Notice USN-813-3            August 08, 2009
apr-util vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libaprutil1                     1.2.12+dfsg-3ubuntu0.2

Ubuntu 8.10:
  libaprutil1                     1.2.12+dfsg-7ubuntu0.3

Ubuntu 9.04:
  libaprutil1                     1.2.12+dfsg-8ubuntu0.3

After a standard system upgrade you need to restart any applications using
apr-util, such as Subversion and Apache, to effect the necessary changes.

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util.

Original advisory details:

 Matt Lewis discovered that apr did not properly sanitize its input when
 allocating memory. If an application using apr processed crafted input, a
 remote attacker could cause a denial of service or potentially execute
 arbitrary code as the user invoking the application.


Updated packages for Ubuntu 8.04 LTS:

Updated packages for Ubuntu 8.10:

Updated packages for Ubuntu 9.04:



