USN-813-3: apr-util vulnerability
Posted on: 08/08/2009 09:00 AM

A new apr-util vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-813-3 August 08, 2009
apr-util vulnerability
CVE-2009-2412
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
libaprutil1 1.2.12+dfsg-3ubuntu0.2

Ubuntu 8.10:
libaprutil1 1.2.12+dfsg-7ubuntu0.3

Ubuntu 9.04:
libaprutil1 1.2.12+dfsg-8ubuntu0.3

After a standard system upgrade you need to restart any applications using
apr-util, such as Subversion and Apache, to effect the necessary changes.
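
To find the processes that still need that restart, the check below (an added example, not part of the Ubuntu notice) reads /proc/<pid>/maps and reports processes that still map the replaced library file, which the kernel marks "(deleted)". The libaprutil-1.so file name pattern and the sample maps lines are assumptions constructed for illustration.

```python
import os
import re

# Assumption: the shared object shipped in libaprutil1 is named libaprutil-1.so.*
LIB_PATTERN = re.compile(r"/libaprutil-1\.so\S*")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps content (not taken from a real host).
SAMPLE_MAPS = """\
7f1c2a000000-7f1c2a01d000 r-xp 00000000 08:01 131102 /usr/lib/libaprutil-1.so.0.2.12 (deleted)
7f1c2a400000-7f1c2a426000 r-xp 00000000 08:01 131090 /usr/lib/libapr-1.so.0.2.12
7f1c2a800000-7f1c2a821000 rw-p 00000000 00:00 0
7f1c2ac00000-7f1c2ac02000 r-xp 00000000 08:01 140001 /tmp/scratch.so (deleted)
"""

def stale_mappings(maps_text):
    """Return libaprutil paths that are mapped from a replaced (unlinked) file."""
    stale = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no pathname column
        path = fields[5].rstrip()
        if path.endswith(DELETED) and LIB_PATTERN.search(path):
            stale.add(path[: -len(DELETED)])
    return stale

def scan_proc(proc_root="/proc"):
    """Map pid -> (process name, stale paths) for processes needing a restart."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_mappings(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited, or maps not readable without root
        if stale:
            results[int(entry)] = (name, sorted(stale))
    return results

if __name__ == "__main__":
    print("sample:", sorted(stale_mappings(SAMPLE_MAPS)))
    for pid, (name, paths) in sorted(scan_proc().items()):
        print(f"restart needed: pid={pid} name={name} maps={', '.join(paths)}")
```

Run it as root after the upgrade so that the maps files of other users' processes are readable; an empty result means no running process still holds the old library.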

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util.

Original advisory details:

Matt Lewis discovered that apr did not properly sanitize its input when
allocating memory. If an application using apr processed crafted input, a
remote attacker could cause a denial of service or potentially execute
arbitrary code as the user invoking the application.








Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_813_3_apr_util_vulnerability.html)