USN-1134-1: APR vulnerabilities

24 May 2011

A denial of service issue exists that affects the Apache web server.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

apache2 - a scalable, extensible web server
apr - The Apache Portable Runtime Library

Details

Maksymilian Arciemowicz reported that a flaw in the fnmatch()
implementation in the Apache Portable Runtime (APR) library could allow
an attacker to cause a denial of service. This can be demonstrated
in a remote denial of service attack against mod_autoindex in the
Apache web server. (CVE-2011-0419)

Is was discovered that the fix for CVE-2011-0419 introduced a different
flaw in the fnmatch() implementation that could also result in a
denial of service. (CVE-2011-1928)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

After a standard system update you need to restart the Apache web
server or any other service that depends on the APR library to make
all the necessary changes.

References

Join the discussion

Need help with your security needs?

Ubuntu Pro provides up to ten-year security coverage for over 23,000 open-source packages within the Ubuntu Main and Universe repositories.

Talk to an expert to find out what would work best for you

USN-1134-1: APR vulnerabilities

Reduce your security exposure

Releases

Packages

Details

Reduce your security exposure

Update instructions

Ubuntu 8.04

Ubuntu 6.06

Ubuntu 11.04

Ubuntu 10.10

Ubuntu 10.04

References

Join the discussion

Need help with your security needs?

Further reading