USN-3825-1: mod_perl vulnerability

Publication date

21 November 2018

Overview

mod_perl could be made to run programs contrary to expectations.


Packages

Details

Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration
options to disable being used by unprivileged users, contrary to the
documentation. A local attacker could possibly use this issue to execute
arbitrary Perl code.

Jan Ingvoldstad discovered that mod_perl incorrectly handled configuration
options to disable being used by unprivileged users, contrary to the
documentation. A local attacker could possibly use this issue to execute
arbitrary Perl code.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.10 cosmic libapache2-mod-perl2 –  2.0.10-2ubuntu3.18.10.1
18.04 bionic libapache2-mod-perl2 –  2.0.10-2ubuntu3.18.04.1
16.04 xenial libapache2-mod-perl2 –  2.0.9-4ubuntu1.2
14.04 trusty libapache2-mod-perl2 –  2.0.8+httpd24-r1449661-6ubuntu2.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›