UBUNTU-CVE-2023-49582
- Source
- https://ubuntu.com/security/CVE-2023-49582
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-49582.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-49582
- Related
- Published
- 2024-08-26T14:15:00Z
- Modified
- 2024-11-29T16:30:11Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APRUSESHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
- References
-
- https://ubuntu.com/security/CVE-2023-49582
- https://www.cve.org/CVERecord?id=CVE-2023-49582
- https://www.openwall.com/lists/oss-security/2024/08/26/1
- https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0
- https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
- https://ubuntu.com/security/notices/USN-7038-1
- https://ubuntu.com/security/notices/USN-7038-2
Affected packages
Ubuntu:Pro:14.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.0-1ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.5.0-1ubuntu0.1~esm2",
"binary_name": "libapr1"
},
{
"binary_version": "1.5.0-1ubuntu0.1~esm2",
"binary_name": "libapr1-dbg"
},
{
"binary_version": "1.5.0-1ubuntu0.1~esm2",
"binary_name": "libapr1-dbgsym"
},
{
"binary_version": "1.5.0-1ubuntu0.1~esm2",
"binary_name": "libapr1-dev"
},
{
"binary_version": "1.5.0-1ubuntu0.1~esm2",
"binary_name": "libapr1-dev-dbgsym"
}
]
}
Ubuntu:Pro:16.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.2-3ubuntu0.1~esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.5.2-3ubuntu0.1~esm2",
"binary_name": "libapr1"
},
{
"binary_version": "1.5.2-3ubuntu0.1~esm2",
"binary_name": "libapr1-dbg"
},
{
"binary_version": "1.5.2-3ubuntu0.1~esm2",
"binary_name": "libapr1-dbgsym"
},
{
"binary_version": "1.5.2-3ubuntu0.1~esm2",
"binary_name": "libapr1-dev"
},
{
"binary_version": "1.5.2-3ubuntu0.1~esm2",
"binary_name": "libapr1-dev-dbgsym"
}
]
}
Ubuntu:Pro:18.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.3-2ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.6.3-2ubuntu0.1~esm1",
"binary_name": "libapr1"
},
{
"binary_version": "1.6.3-2ubuntu0.1~esm1",
"binary_name": "libapr1-dbg"
},
{
"binary_version": "1.6.3-2ubuntu0.1~esm1",
"binary_name": "libapr1-dev"
}
]
}
Ubuntu:20.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.5-1ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.6.5-1ubuntu1.1",
"binary_name": "libapr1"
},
{
"binary_version": "1.6.5-1ubuntu1.1",
"binary_name": "libapr1-dbg"
},
{
"binary_version": "1.6.5-1ubuntu1.1",
"binary_name": "libapr1-dev"
}
]
}
Ubuntu:22.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.0-8ubuntu0.22.04.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.7.0-8ubuntu0.22.04.2",
"binary_name": "libapr1"
},
{
"binary_version": "1.7.0-8ubuntu0.22.04.2",
"binary_name": "libapr1-dbgsym"
},
{
"binary_version": "1.7.0-8ubuntu0.22.04.2",
"binary_name": "libapr1-dev"
}
]
}
Ubuntu:24.10 / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.2-3.2ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.7.2-3.2ubuntu1",
"binary_name": "libapr1-dev"
},
{
"binary_version": "1.7.2-3.2ubuntu1",
"binary_name": "libapr1t64"
},
{
"binary_version": "1.7.2-3.2ubuntu1",
"binary_name": "libapr1t64-dbgsym"
}
]
}
Ubuntu:24.04:LTS / apr
Package
- Name
- apr
- Purl
- pkg:deb/ubuntu/apr?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.7.2-3.1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.7.2-3.1ubuntu0.1",
"binary_name": "libapr1-dev"
},
{
"binary_version": "1.7.2-3.1ubuntu0.1",
"binary_name": "libapr1t64"
},
{
"binary_version": "1.7.2-3.1ubuntu0.1",
"binary_name": "libapr1t64-dbgsym"
}
]
}