libapreq2 vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 18.04 LTS
Summary
libapreq2 could be made to crash if it received specially crafted
network traffic.
Software Description
* libapreq2 - a safe, standards-compliant, high-performance
library used for parsing HTTP cookies, query-strings and POST
data
Details
It was discovered that libapreq2 did not properly sanitize the
Content-Type field in certain, crafted HTTP requests. An attacker
could use this vulnerability to cause libapreq2 to crash.
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 18.04 LTS
libapache2-mod-apreq2 - 2.13-7~deb10u1build0.18.04.1
libapache2-request-perl - 2.13-7~deb10u1build0.18.04.1
libapreq2-3 - 2.13-7~deb10u1build0.18.04.1
libapreq2-dev - 2.13-7~deb10u1build0.18.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes.
References
* CVE-2019-12412
--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)