Wednesday, October 16, 2024

[USN-7038-2] APR vulnerability

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQSV2d7RU755utSnx3O7Ba3EKYsoKQUCZw95VQUDAAAAAAAKCRC7Ba3EKYsoKUP6
AQDvhbZxuwvqt82XW6oBwJ5V1qKAHQxbYiDpWO1sdObPPwD7BAyTOSQEffZ6/vTu4iBmbQKvfF12
Qd0z45XlhZDyGAQ=
=0ir6
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7038-2
October 16, 2024

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- apr: Apache Portable Runtime Library

Details:

USN-7038-1 fixed a vulnerability in Apache Portable Runtime (APR) library.
This update provides the corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

 Thomas Stangner discovered a permission vulnerability in the Apache
 Portable Runtime (APR) library. A local attacker could possibly use this
 issue to read named shared memory segments, potentially exposing sensitive
 application data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  libapr1                         1.5.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libapr1-dev                     1.5.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7038-2
  https://ubuntu.com/security/notices/USN-7038-1
  CVE-2023-49582

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)