===========================================================
Ubuntu Security Notice USN-813-3            August 08, 2009
apr-util vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libaprutil1                     1.2.12+dfsg-3ubuntu0.2

Ubuntu 8.10:
  libaprutil1                     1.2.12+dfsg-7ubuntu0.3

Ubuntu 9.04:
  libaprutil1                     1.2.12+dfsg-8ubuntu0.3

After a standard system upgrade you need to restart any applications
using apr-util, such as Subversion and Apache, to effect the necessary
changes.

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the
corresponding updates for apr-util.

Original advisory details:

 Matt Lewis discovered that apr did not properly sanitize its input when
 allocating memory. If an application using apr processed crafted input, a
 remote attacker could cause a denial of service or potentially execute
 arbitrary code as the user invoking the application.
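The restart step in this advisory matters because a running process keeps the replaced library mapped until it exits. The following is an added example, not part of the Ubuntu advisory: it reads /proc/<pid>/maps to list processes that still map the pre-upgrade libaprutil. The library file name pattern and the sample maps lines are assumptions constructed for illustration.

```python
import os
import re

# A file-backed mapping line ends with the path. Once the package upgrade
# replaces the file on disk, the kernel shows the old path with " (deleted)".
# Assumption: the shared object is named libaprutil-1.so*.
STALE = re.compile(r"\s(/\S*libaprutil-1\.so\S*) \(deleted\)$")

def stale_mappings(maps_text):
    """Return the sorted set of replaced libaprutil paths still mapped."""
    found = set()
    for line in maps_text.splitlines():
        match = STALE.search(line)
        if match:
            found.add(match.group(1))
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale library paths for every readable process."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        maps_path = os.path.join(proc_root, entry, "maps")
        try:
            with open(maps_path, errors="replace") as fh:
                hits = stale_mappings(fh.read())
        except OSError:  # process exited, or we may not read its maps
            continue
        if hits:
            results[int(entry)] = hits
    return results

# Constructed samples: a process started before the upgrade, and one after.
SAMPLE_OLD = """\
7f3a1c000000-7f3a1c01c000 r-xp 00000000 08:01 393301 /usr/lib/libaprutil-1.so.0.2.12 (deleted)
7f3a1c21b000-7f3a1c21d000 rw-p 0001b000 08:01 393301 /usr/lib/libaprutil-1.so.0.2.12 (deleted)
7f3a1c400000-7f3a1c42a000 r-xp 00000000 08:01 393287 /usr/lib/libapr-1.so.0.2.12
"""
SAMPLE_NEW = """\
7f9b20000000-7f9b2001c000 r-xp 00000000 08:01 393377 /usr/lib/libaprutil-1.so.0.2.12
"""

if __name__ == "__main__":
    print("sample (old process):", stale_mappings(SAMPLE_OLD))
    print("sample (new process):", stale_mappings(SAMPLE_NEW))
    for pid, libs in sorted(scan_proc().items()):
        print(f"pid {pid} still maps {', '.join(libs)}; restart it")
```

Run it as root after the upgrade so that the maps files of other users' processes (for example Apache workers) are readable.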