Ubuntu Local Security Checks : Ubuntu USN-1134-1 (libapr1)

Resumen de Precio/Funciones | Ordenar | Nuevas Vulnerabilidades | Confidencialidad | Búsqueda de Vulnerabilidad

Búsqueda de Vulnerabilidad		Buscar 61204 Descripciones CVE y 32582 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.70847

Categoría: Ubuntu Local Security Checks

Título: Ubuntu USN-1134-1 (libapr1)

Resumen: Ubuntu USN-1134-1 (libapr1)

Descripción: The remote host is missing an update to libapr1
announced via advisory USN-1134-1.

Details:

Maksymilian Arciemowicz reported that a flaw in the fnmatch()
implementation in the Apache Portable Runtime (APR) library could allow
an attacker to cause a denial of service. This can be demonstrated
in a remote denial of service attack against mod_autoindex in the
Apache web server. (CVE-2011-0419)

Is was discovered that the fix for CVE-2011-0419 introduced a different
flaw in the fnmatch() implementation that could also result in a
denial of service. (CVE-2011-1928)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
libapr1 1.4.2-7ubuntu2.1

Ubuntu 10.10:
libapr1 1.4.2-3ubuntu1.1

Ubuntu 10.04 LTS:
libapr1 1.3.8-1ubuntu0.3

Ubuntu 8.04 LTS:
libapr1 1.2.11-1ubuntu0.2

http://www.securityspace.com/smysecure/catid.html?in=USN-1134-1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0419
http://securityreason.com/achievement_securityalert/98
http://www.mail-archive.com/dev@apr.apache.org/msg23961.html
http://www.mail-archive.com/dev@apr.apache.org/msg23960.html
http://www.mail-archive.com/dev@apr.apache.org/msg23976.html
http://cxib.net/stuff/apache.fnmatch.phps
http://cxib.net/stuff/apr_fnmatch.txts
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Debian Security Information: DSA-2237 (Google Search)
http://www.debian.org/security/2011/dsa-2237
HPdes Security Advisory: HPSBUX02702
http://marc.info/?l=bugtraq&m=131551295528105&w=2
HPdes Security Advisory: HPSBUX02707
http://marc.info/?l=bugtraq&m=131731002122529&w=2
HPdes Security Advisory: SSRT100606
HPdes Security Advisory: SSRT100626
HPdes Security Advisory: HPSBMU02704
http://marc.info/?l=bugtraq&m=132033751509019&w=2
HPdes Security Advisory: HPSBOV02822
http://marc.info/?l=bugtraq&m=134987041210674&w=2
HPdes Security Advisory: SSRT100966
http://www.mandriva.com/security/advisories?name=MDVSA-2011:084
http://www.redhat.com/support/errata/RHSA-2011-0507.html
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://www.redhat.com/support/errata/RHSA-2011-0897.html
SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14638
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14804
http://securitytracker.com/id?1025527
http://secunia.com/advisories/44490
http://secunia.com/advisories/44564
http://secunia.com/advisories/44574
http://securityreason.com/securityalert/8246
Common Vulnerability Exposure (CVE) ID: CVE-2011-1928
http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E
http://openwall.com/lists/oss-security/2011/05/19/5
http://openwall.com/lists/oss-security/2011/05/19/10
http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e
http://www.mandriva.com/security/advisories?name=MDVSA-2011:095
http://www.redhat.com/support/errata/RHSA-2011-0844.html
http://secunia.com/advisories/44558
http://secunia.com/advisories/44661
http://secunia.com/advisories/44780
http://secunia.com/advisories/44613
http://www.vupen.com/english/advisories/2011/1289
http://www.vupen.com/english/advisories/2011/1290

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 32582 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

Registro de Nuevo Usuario
Email:

Usuario:

Contraseña:

Envíeme por email sus boletines mensuales, informándome los últimos servicios, mejoras y encuestas.

Por favor envíeme por email un anuncio de prueba de vulnerabilidades siempre que se agregue una nueva prueba.

Privacidad

Ingreso de Usuario Registrado

Usuario:

Contraseña:

¿Olvidó su usuario o contraseña??

Email/ID de Usario:

ID de Prueba:	1.3.6.1.4.1.25623.1.0.70847
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu USN-1134-1 (libapr1)
Resumen:	Ubuntu USN-1134-1 (libapr1)
Descripción:	The remote host is missing an update to libapr1 announced via advisory USN-1134-1. Details: Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. (CVE-2011-0419) Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service. (CVE-2011-1928) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libapr1 1.4.2-7ubuntu2.1 Ubuntu 10.10: libapr1 1.4.2-3ubuntu1.1 Ubuntu 10.04 LTS: libapr1 1.3.8-1ubuntu0.3 Ubuntu 8.04 LTS: libapr1 1.2.11-1ubuntu0.2 http://www.securityspace.com/smysecure/catid.html?in=USN-1134-1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0419 http://securityreason.com/achievement_securityalert/98 http://www.mail-archive.com/dev@apr.apache.org/msg23961.html http://www.mail-archive.com/dev@apr.apache.org/msg23960.html http://www.mail-archive.com/dev@apr.apache.org/msg23976.html http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html Debian Security Information: DSA-2237 (Google Search) http://www.debian.org/security/2011/dsa-2237 HPdes Security Advisory: HPSBUX02702 http://marc.info/?l=bugtraq&m=131551295528105&w=2 HPdes Security Advisory: HPSBUX02707 http://marc.info/?l=bugtraq&m=131731002122529&w=2 HPdes Security Advisory: SSRT100606 HPdes Security Advisory: SSRT100626 HPdes Security Advisory: HPSBMU02704 http://marc.info/?l=bugtraq&m=132033751509019&w=2 HPdes Security Advisory: HPSBOV02822 http://marc.info/?l=bugtraq&m=134987041210674&w=2 HPdes Security Advisory: SSRT100966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:084 http://www.redhat.com/support/errata/RHSA-2011-0507.html http://www.redhat.com/support/errata/RHSA-2011-0896.html http://www.redhat.com/support/errata/RHSA-2011-0897.html SuSE Security Announcement: SUSE-SU-2011:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14638 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14804 http://securitytracker.com/id?1025527 http://secunia.com/advisories/44490 http://secunia.com/advisories/44564 http://secunia.com/advisories/44574 http://securityreason.com/securityalert/8246 Common Vulnerability Exposure (CVE) ID: CVE-2011-1928 http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E http://openwall.com/lists/oss-security/2011/05/19/5 http://openwall.com/lists/oss-security/2011/05/19/10 http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005@apache.org%3e http://www.mandriva.com/security/advisories?name=MDVSA-2011:095 http://www.redhat.com/support/errata/RHSA-2011-0844.html http://secunia.com/advisories/44558 http://secunia.com/advisories/44661 http://secunia.com/advisories/44780 http://secunia.com/advisories/44613 http://www.vupen.com/english/advisories/2011/1289 http://www.vupen.com/english/advisories/2011/1290
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com