Sunday, February 26, 2023

[USN-5885-1] APR vulnerability

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsDNBGO0wO8BDAC3+o6xMuhLB0k1/uQyI0JKO9r4gupWHVzIREKBLj65+EoUlSu7
tufjmUHLZYBXjZab/MxsV5PxI9zjt871sielcOtlNCyDpcgovcEymvr5CV+MuzlX
d/0GZGI27HOgiX4ldEbBwl0Wkyq3UZM4FHkoItfbPgo/GV4KyxiaXj5CRuPKXCBi
5JIGyTW9fTca7kTvpSrA10PEBUK6PWnP3Q2skFjn7fm5PTC6ePGlatmzCUZg/piK
RpTWs9XxjLnyHglhY1wlGbDtdPTc8xsPKJH88hp86c5Estt/9qNQq8aNsIQfPd+M
Wxf23Aif6xEVLLmQVjSWGZiEUW6vNrAqPPiHmwedOuq83alwmjBxgsKGQLaoZBh/
tcru2vwhpIRCX6i2wRuo+Erkpkbn53+Qc0IOE6q1v8oTiDoTzd+kbC6jXlH2UeC1
86Y2iAhsqyFEj/ZwcH6zB3+L6yDXiWs721Lt+rhpwaoSNqSlXsX6lV6ixrLrAiPp
eR2JJSjsPyC6OfcAEQEAAc0lRGF2aWQgTGFuZSA8ZGF2aWQubGFuZUBjYW5vbmlj
YWwuY29tPsLBDgQTAQoAOBYhBOrnoF81LMebxVVraAcBf+u4yTEQBQJjtMDvAhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAcBf+u4yTEQxcEL/2HKcLCMAR1i
i2VBqRMo8x537k5q5P0cNSGluozKCFwttrr8UPZuRiUx74gkHzeKaMwqKJUEaDjU
Yl5wev+a7izzwQAT5ILVVhG3/hbRCIkEufsOPo3iUNODlvoj0WAils+d5vCxzE7h
BmHj3Yf0xEHOjyU1Uv+3LCAUnqWxgkMxGfw3aEBxmX+zm76pXu+EZmqAPhsQPx7f
jrJ505P8NLQNdfoS5QfqbH0Yz6lMtFg9AhZrHr+YS+7d3F5GaiqfQbyMW48aaw+C
HdPS6ojsLR6on+wHkTm44h9RVnT3DBMJYLzq9Y0+CdemaCcXdNrcMda9SwOR1P35
nvG8Ywp2Nd32c+Sll2miYAkXdrPQs/zeGtUDfhgoPgz4La73+DXZcBdWnt5p9XyX
2SFw2DZXQ8GPr+Ude/fF6HcFw1rzx9pJ4yraHZI30+siyADB+qLgozWggAevYYjv
0Dnrp7g2k+lIsjh4YbSQYAwkW/rNXpo6dfi355/TShvNYVHd4A3rUs7AzQRjtMDv
AQwA4GPoBzQ3LUpGa5/uuSwVp22VFHxXQZ3IhGyGJ679Z+/ejfgcfv2nrTe6SHK+
A2An7iaN18TWb6Yu/buIYz03xQWYHtA9ddejygzydnM3JQDBL1cg0TU4BmmqwtAi
QuS0wJIjsLUHQnLCX35SezVCT9BK4/b+fzHbCj/uNLqGyqVkopFXo/OmduiwdoKh
apCFZPpJQD3+/T0D6OcTnATKZejRFRxRGzHoTEJxM13fJPnKIvhdpQj307nCp6L+
KqVTlP97q3VFzGN03r1grIO7N8SF47OsL70M84oIHQe66hNmqOYFgdkfPqXvxWO2
XgMMu5MITTNv6PuvPn3ke82u3x5e5ty/Qo5j0aVdaA28S/BslMDEizAwb1aVctSG
3itvSTOsPg1wxovbXPjwmqpd9OaS2BrxQYMVdqvDQgb1/H1yDZAAwg6a7UmxB5Sr
yTY6xJRwtaLNt94KqcJRNlNPo8EYNUGSYUfIsSPf1caZD/1gbnuO+Ub02TGAKg6M
Z4ObABEBAAHCwPYEGAEKACAWIQTq56BfNSzHm8VVa2gHAX/ruMkxEAUCY7TA7wIb
DAAKCRAHAX/ruMkxED/vC/97M5PVJzXxSIOPMZpvL9KtfI/B1oNwhrLBpmSwZud+
lQah6BWejIDp8o5sQjjuOIqNv/jDun0EAY69g8kNFqx8aeF6teEDCidtDa5mikr4
OfrE6NMMhIIrWTYizzh0kxo/CPGMSJsA1vBDA1F2Y3JIgW1rCy6O++79h7lYyK9D
/XIu+js9prNm8VTi69bV8PeCc4ggO+lmGngo/2NhTFNrUiRve7dYCSLCi9GafJf8
qkaP3S1Zk9y84h845jTK8CUCSW2O989BU0/iH6za0eMtZhcPBy5wkN5nXa9FT6e3
5OVH6Z1Gw/XKbiajDUzDIPXCKJLrMc36/t0DVj4ddro3H9hILUWqjplP1wz0MZ7A
RMJBsd85rE0ixsxkkCJ703/5UNLES/GiMj02RrajzKygWc6iaoKCj9SEhzj1SN6q
plk/i4VmQR4D/OVlZlitIqJsUIkq3KwBqk5uuvDsXFh677hgidhxDGrA+nkeBuzl
P8RB9WuqepDSf384NK1PS3w=
=fhwC
-----END PGP PUBLIC KEY BLOCK-----
==========================================================================
Ubuntu Security Notice USN-5885-1
February 27, 2023

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

APR could possibly be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- apr: Apache Portable Runtime Library

Details:

Ronald Crane discovered integer overflow vulnerabilities in the Apache
Portable Runtime (APR) that could potentially result in memory corruption.
A remote attacker could possibly use these issues to cause a denial of
service or execute arbitary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
libapr1 1.7.0-8ubuntu0.22.10.1

Ubuntu 22.04 LTS:
libapr1 1.7.0-8ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5885-1
CVE-2022-24963

Package Information:
https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)