[USN-7038-1] APR vulnerability

Vyom Yadav vyom.yadav at canonical.com
Thu Sep 26 09:29:02 UTC 2024 

==========================================================================
Ubuntu Security Notice USN-7038-1
September 26, 2024

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- apr: Apache Portable Runtime Library

Details:

Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libapr1-dev                     1.7.2-3.1ubuntu0.1
   libapr1t64                      1.7.2-3.1ubuntu0.1

Ubuntu 22.04 LTS
   libapr1                         1.7.0-8ubuntu0.22.04.2
   libapr1-dev                     1.7.0-8ubuntu0.22.04.2

Ubuntu 20.04 LTS
   libapr1                         1.6.5-1ubuntu1.1
   libapr1-dev                     1.6.5-1ubuntu1.1

Ubuntu 18.04 LTS
   libapr1                         1.6.3-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libapr1-dev                     1.6.3-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libapr1                         1.5.2-3ubuntu0.1~esm2
                                   Available with Ubuntu Pro
   libapr1-dev                     1.5.2-3ubuntu0.1~esm2
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7038-1
   CVE-2023-49582

Package Information:
   https://launchpad.net/ubuntu/+source/apr/1.7.2-3.1ubuntu0.1
   https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.04.2
   https://launchpad.net/ubuntu/+source/apr/1.6.5-1ubuntu1.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20240926/b3afdb4a/attachment.sig>

More information about the ubuntu-security-announce mailing list