USN-813-2: Apache vulnerability

view full story

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-2412 Description:  =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7 After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. (Distributions)