• libapreq2 vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed Sep 30 20:10:09 2020
    libapreq2 vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS

    Summary

    libapreq2 could be made to crash if it received specially crafted
    network traffic.

    Software Description

    * libapreq2 - a safe, standards-compliant, high-performance
    library used for parsing HTTP cookies, query-strings and POST
    data

    Details

    It was discovered that libapreq2 did not properly sanitize the
    Content-Type field in certain, crafted HTTP requests. An attacker
    could use this vulnerability to cause libapreq2 to crash.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    libapache2-mod-apreq2 - 2.13-7~deb10u1build0.18.04.1
    libapache2-request-perl - 2.13-7~deb10u1build0.18.04.1
    libapreq2-3 - 2.13-7~deb10u1build0.18.04.1
    libapreq2-dev - 2.13-7~deb10u1build0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-12412

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)