USN-5870-1: apr-util vulnerability

Publication date

14 February 2023

Overview

APR-util could be made to crash or run programs as an administrator if it received specially crafted input.


Packages

  • apr-util - Apache Portable Runtime Utility Library

Details

Ronald Crane discovered that APR-util did not properly handle memory when
encoding or decoding certain input data. An attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code.

Update instructions

After a standard system update you need to restart any application using APR-util libraries to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package       Version
22.10 kinetic    libaprutil1   1.6.1-5ubuntu4.22.10.1
22.04 jammy      libaprutil1   1.6.1-5ubuntu4.22.04.1
20.04 focal      libaprutil1   1.6.1-4ubuntu2.1
18.04 bionic     libaprutil1   1.6.1-2ubuntu0.1
16.04 xenial     libaprutil1   1.5.4-1ubuntu0.1~esm2
14.04 trusty     libaprutil1   1.5.3-1ubuntu0.1~esm2
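
A post-update check for the two steps above, as an added example rather than Canonical's own tooling: it compares the installed libaprutil1 against the fixed version for the running release and lists processes that still map the replaced library and therefore need a restart. The function names and the `--check` argument are assumptions of this example; it relies on `lsb_release`, `dpkg-query` and `dpkg --compare-versions`, and needs root to read other users' `/proc/<pid>/maps`.

```shell
#!/bin/sh
# Added example: post-update check for USN-5870-1 (not Ubuntu's own tooling).

# Fixed libaprutil1 version per release codename, copied from the table above.
fixed_version() {
    case "$1" in
        kinetic) echo "1.6.1-5ubuntu4.22.10.1" ;;
        jammy)   echo "1.6.1-5ubuntu4.22.04.1" ;;
        focal)   echo "1.6.1-4ubuntu2.1" ;;
        bionic)  echo "1.6.1-2ubuntu0.1" ;;
        xenial)  echo "1.5.4-1ubuntu0.1~esm2" ;;
        trusty)  echo "1.5.3-1ubuntu0.1~esm2" ;;
        *)       return 1 ;;
    esac
}

# Succeeds if a /proc/<pid>/maps listing on stdin still maps a libaprutil file
# that was replaced on disk; the kernel marks such mappings "(deleted)".
maps_has_stale_aprutil() {
    grep -Eq 'libaprutil-1\.so[^ ]* \(deleted\)$'
}

# Print "<pid> <command name>" for every process still using the old library.
stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # Unreadable or vanished processes are skipped silently.
        if maps_has_stale_aprutil 2>/dev/null < "$maps"; then
            echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Returns 1 if the package is below the fixed version, 2 if the release is unknown.
check_host() {
    codename=$(lsb_release -cs) || return 2
    want=$(fixed_version "$codename") || { echo "release $codename not in USN-5870-1"; return 2; }
    have=$(dpkg-query -W -f='${Version}' libaprutil1 2>/dev/null) || { echo "libaprutil1 not installed"; return 0; }
    if dpkg --compare-versions "$have" lt "$want"; then
        echo "VULNERABLE: libaprutil1 $have < $want"; return 1
    fi
    echo "libaprutil1 $have is at or above $want"
    stale_processes | sed 's/^/restart needed: /'
}

# Run the host check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

A process listed as "restart needed" loaded the library before the update and keeps running the old code until it is restarted.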
