Two problems in APR
ID: | USN-1134-1 |
Distribution: | Ubuntu |
Platforms: | Ubuntu 6.06, Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 |
Date: | Tue, 24 May 2011, 22:49 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928 |
Applications: | Apache Portable Runtime |
Original message |
|
==========================================================================
Ubuntu Security Notice USN-1134-1
May 24, 2011

apache2, apr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS

Summary:

A denial of service issue exists that affects the Apache web server.

Software Description:
- apr: The Apache Portable Runtime Library
- apache2: a scalable, extensible web server

Details:

Maksymilian Arciemowicz reported that a flaw in the fnmatch()
implementation in the Apache Portable Runtime (APR) library could allow
an attacker to cause a denial of service. This can be demonstrated
in a remote denial of service attack against mod_autoindex in the Apache
web server. (CVE-2011-0419)

It was discovered that the fix for CVE-2011-0419 introduced a different
flaw in the fnmatch() implementation that could also result in a
denial of service. (CVE-2011-1928)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libapr1 1.4.2-7ubuntu2.1

Ubuntu 10.10:
  libapr1 1.4.2-3ubuntu1.1

Ubuntu 10.04 LTS:
  libapr1 1.3.8-1ubuntu0.3

Ubuntu 8.04 LTS:
  libapr1 1.2.11-1ubuntu0.2

Ubuntu 6.06 LTS:
  libapr0 2.0.55-4ubuntu2.13

After a standard system update you need to restart the Apache web
server or any other service that depends on the APR library to make
all the necessary changes.
References:
  CVE-2011-0419, CVE-2011-1928

Package Information:
  https://launchpad.net/ubuntu/+source/apr/1.4.2-7ubuntu2.1
  https://launchpad.net/ubuntu/+source/apr/1.4.2-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/apr/1.3.8-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/apr/1.2.11-1ubuntu0.2
  https://launchpad.net/ubuntu/+source/apache2/2.0.55-4ubuntu2.13
|